CVE-2018-9867
https://notcve.org/view.php?id=CVE-2018-9867
In SonicWall SonicOS, administrators without full permissions can download imported certificates. This occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).
• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0017
• https://www.tenable.com/security/research/tra-2019-08
• CWE-285: Improper Authorization
• CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2018-5280
https://notcve.org/view.php?id=CVE-2018-5280
SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens.
• http://www.securityfocus.com/bid/102438
• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0001
• https://www.vulnerability-lab.com/get_content.php?id=1725
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-3447
https://notcve.org/view.php?id=CVE-2015-3447
Multiple cross-site scripting (XSS) vulnerabilities in macIpSpoofView.html in Dell SonicWall SonicOS 7.5.0.12 and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) searchSpoof or (2) searchSpoofIpDet parameter.
• http://seclists.org/fulldisclosure/2015/Apr/97
• http://www.securityfocus.com/archive/1/535393/100/0/threaded
• http://www.securityfocus.com/bid/74406
• http://www.securitytracker.com/id/1032204
• http://www.vulnerability-lab.com/get_content.php?id=1359
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')