CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-7478
https://notcve.org/view.php?id=CVE-2019-7478
30 Dec 2019 — A vulnerability in GMS allow unauthenticated user to SQL injection in Webservice module. This vulnerability affected GMS versions GMS 8.4, 8.5, 8.6, 8.7, 9.0 and 9.1. Una vulnerabilidad en GMS permite una inyección de SQL a usuarios no autenticados en el módulo de servicio web. Esta vulnerabilidad afectó a GMS versiones GMS 8.4, 8.5, 8.6, 8.7, 9.0 y 9.1. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0011 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2019-7476
https://notcve.org/view.php?id=CVE-2019-7476
26 Apr 2019 — A vulnerability in SonicWall Global Management System (GMS), allow a remote user to gain access to the appliance using existing SSH key. This vulnerability affects GMS versions 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 and earlier. Una vulnerabilidad en SonicWall Global Management System (GMS) permite a un atacante remoto obtener acceso empleando una clave SSH existente. Esta vulnerabilidad afecta las versiones de GMS 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 y anteriores. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0004 • CWE-284: Improper Access Control CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 9.8EPSS: 12%CPEs: 1EXPL: 1CVE-2018-9866
https://notcve.org/view.php?id=CVE-2018-9866
03 Aug 2018 — A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier. Una vulnerabilidad en la falta de validación de parámetros proporcionados por el usuario pasados a llamadas XML-RPC en los dispositivos virtuales SonicWall Global Management System (GMS) permite que usuarios remotos ejecuten código arbitrario. Esta vulnerab... • https://github.com/rapid7/metasploit-framework/pull/10305 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.6EPSS: 46%CPEs: 665EXPL: 7CVE-2018-3639 – AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass
https://notcve.org/view.php?id=CVE-2018-3639
21 May 2018 — Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. Los sistemas con microprocesadores que emplean la ejecución especulativa y que realizan la ejecución especulativa de lecturas de memoria antes de que se conozcan las direcciones de todas l... • https://packetstorm.news/files/id/147839 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 1CVE-2018-5691
https://notcve.org/view.php?id=CVE-2018-5691
14 Jan 2018 — SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module. SonicWall Global Management System (GMS) 8.1 tiene XSS mediante los valores "newName" y "Name" del módulo "/sgms/TreeControl". • http://documents.software.dell.com/sonicwall-gms-os/8.2/release-notes/known-issues?ParentProduct=867 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.9EPSS: 0%CPEs: 10EXPL: 0CVE-2016-2396 – Dell SonicWALL GMS Virtual Appliance Multiple Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-2396
10 Feb 2016 — The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input. La aplicación web GMS ViewPoint (GMSVP) en Dell SonicWALL GMS, Analyzer y UMA EM5000 7.2, 8.0 y 8.1 en versiones anteriores a Hotfix 168056 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de vectores relacionados con la entrada de configuración... • http://www.securitytracker.com/id/1035015 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 1%CPEs: 10EXPL: 0CVE-2016-2397 – Dell SonicWALL GMS Virtual Appliance Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-2397
10 Feb 2016 — The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data. La implementación de cliserver en Dell SonicWALL GMS, Analyzer y UMA EM5000 7.2, 8.0 y 8.1 en versiones anteriores a Hotfix 168056 permite a atacantes remotos deserializar y ejecutar código Java arbitrario a través de datos XML manipulados. This vulnerability allows remote attackers to execute arbitrar... • http://www.securitytracker.com/id/1035015 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.9EPSS: 0%CPEs: 4EXPL: 0CVE-2015-3990 – Dell Sonicwall GMS Virtual Appliance Multiple Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-3990
15 May 2015 — The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration. La aplicación web GMS ViewPoint (GMSVP) en Dell Sonicwall GMS, Analyzer, y UMA EM5000 anterior a 7.2 SP4 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de vectores relacionados con la configuración. This vulnerability allows remote attackers to execute arbitrary code on vu... • http://www.securityfocus.com/bid/74756 • CWE-19: Data Processing Errors •
CVSS: 9.0EPSS: 3%CPEs: 3EXPL: 0CVE-2014-8420 – Dell Sonicwall GMS Virtual Appliance Multiple Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-8420
21 Nov 2014 — The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors. La aplicación web ViewPoint en Dell SonicWALL Global Management System (GMS) anterior a 7.2 SP2, SonicWALL Analyzer anterior a 7.2 SP2, y SonicWALL UMA anterior a 7.2 SP2 permite a usuarios remotos autenticados ejecutar código arbitrario a través de vectores no es... • http://www.securityfocus.com/bid/71241 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 1%CPEs: 3EXPL: 3CVE-2014-5024
https://notcve.org/view.php?id=CVE-2014-5024
24 Jul 2014 — Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the node_id parameter. Vulnerabilidad de XSS en sgms/panelManager en Dell SonicWALL GMS, Analyzer y UMA anterior a 7.2 SP1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrario a través del parámetro node_id. • http://packetstormsecurity.com/files/127575/SonicWALL-GMS-7.2-Build-7221.1701-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •