Filtered by vendor Sonicwall
Subscribe
Total
187 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5145 | 1 Sonicwall | 1 Global Vpn Client | 2024-11-21 | 6.9 MEDIUM | 8.6 HIGH |
| SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to remote code execution in the target system. | |||||
| CVE-2020-5144 | 1 Sonicwall | 1 Global Vpn Client | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability. | |||||
| CVE-2020-5143 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | |||||
| CVE-2020-5142 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. A remote unauthenticated attacker is able to store and potentially execute arbitrary JavaScript code in the firewall SSLVPN portal. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | |||||
| CVE-2020-5141 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | |||||
| CVE-2020-5140 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to memory addresses leak. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | |||||
| CVE-2020-5139 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS) due to the release of Invalid pointer and leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | |||||
| CVE-2020-5138 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | |||||
| CVE-2020-5137 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. | |||||
| CVE-2020-5136 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. | |||||
| CVE-2020-5135 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. | |||||
| CVE-2020-5134 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in SonicOS allows an authenticated attacker to cause out-of-bound invalid file reference leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. | |||||
| CVE-2020-5133 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. | |||||
| CVE-2020-5132 | 1 Sonicwall | 3 Sma100, Sma100 Firmware, Sonicos | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN authentication page, an attacker with knowledge of internal domain names can potentially take advantage of this vulnerability. | |||||
| CVE-2020-5131 | 1 Sonicwall | 1 Netextender | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| SonicWall NetExtender Windows client vulnerable to arbitrary file write vulnerability, this allows attacker to overwrite a DLL and execute code with the same privilege in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 9.0.815 and earlier. | |||||
| CVE-2020-5130 | 1 Sonicwall | 1 Sonicos | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request. This vulnerability impact SonicOS version 6.5.4.4-44n and earlier. | |||||
| CVE-2020-5129 | 1 Sonicwall | 2 Sma1000, Sma1000 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause HTTP server crash which leads to Denial of Service. This vulnerability affected SMA1000 Version 12.1.0-06411 and earlier. | |||||
| CVE-2019-7489 | 1 Sonicwall | 1 Email Security Appliance | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in SonicWall Email Security appliance allow an unauthenticated user to perform remote code execution. This vulnerability affected Email Security Appliance version 10.0.2 and earlier. | |||||
| CVE-2019-7488 | 1 Sonicwall | 1 Email Security Appliance | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Weak default password cause vulnerability in SonicWall Email Security appliance which leads to attacker gain access to appliance database. This vulnerability affected Email Security Appliance version 10.0.2 and earlier. | |||||
| CVE-2019-7487 | 2 Microsoft, Sonicwall | 3 Windows, Sonicos, Sonicos Sslvpn Nacagent | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Installation of the SonicOS SSLVPN NACagent 3.5 on the Windows operating system, an autorun value is created does not put the path in quotes, so if a malicious binary by an attacker within the parent path could allow code execution. | |||||