CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-5143
https://notcve.org/view.php?id=CVE-2020-5143
12 Oct 2020 — SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. Una página de inicio de sesión SSLVPN de SonicOS, permite a un atacante remoto no autenticado llevar a cabo una enumeración de nombres de usuario administrador de la gestión del firewal... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0018 • CWE-203: Observable Discrepancy •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-5141
https://notcve.org/view.php?id=CVE-2020-5141
12 Oct 2020 — A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. Una vulnerabilidad en SonicOS, permite a un atacante remoto no autenticado usar fuerza bruta en el ID de ticket de Virtual Assist en el servicio SSLVPN del firewall. Esta vulnerabilidad afectó a SonicOS Gen 5 ... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0016 • CWE-307: Improper Restriction of Excessive Authentication Attempts CWE-799: Improper Control of Interaction Frequency •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2020-5142
https://notcve.org/view.php?id=CVE-2020-5142
12 Oct 2020 — A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. A remote unauthenticated attacker is able to store and potentially execute arbitrary JavaScript code in the firewall SSLVPN portal. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) almacenado en la interfaz web SSLVPN de SonicOS. Un ataca... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0017 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-5140
https://notcve.org/view.php?id=CVE-2020-5140
12 Oct 2020 — A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to memory addresses leak. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. Una vulnerabilidad en SonicOS, permite a un atacante remoto no autenticado causar una denegación de servicio (DoS) en el servicio SSLVPN del fir... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0015 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-5138
https://notcve.org/view.php?id=CVE-2020-5138
12 Oct 2020 — A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. Una vulnerabilidad de Desbordamiento de Pila en SonicOS, permite a un atacante remoto no autenticado causar una Denegación de Servicio (DoS) en el servicio SSLVPN del fire... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0013 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-5139
https://notcve.org/view.php?id=CVE-2020-5139
12 Oct 2020 — A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS) due to the release of Invalid pointer and leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. Una vulnerabilidad en el servicio SSLVPN de SonicOS, permite a un atacante remoto no autenticado causar una Denegación de servicio (DoS) debido a un lanzamiento de ... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0014 • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-5137
https://notcve.org/view.php?id=CVE-2020-5137
12 Oct 2020 — A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. Una vulnerabilidad de desbordamiento del búfer en SonicOS, permite a un atacante remoto no autenticado causar una Denegación de Servicio (DoS) en el servicio SSLVPN del firewall y ... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0012 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-5136
https://notcve.org/view.php?id=CVE-2020-5136
12 Oct 2020 — A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. Una vulnerabilidad de desbordamiento del búfer en SonicOS, permite a un atacante autenticado causar una Denegación de Servicio (DoS) en el portal de SSL-VPN y virtual assist... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0011 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 2%CPEs: 5EXPL: 0CVE-2020-5135 – SonicWall SonicOS Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2020-5135
12 Oct 2020 — A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. Una vulnerabilidad de desbordamiento del búfer en SonicOS, permite a un atacante remoto causar una Denegación de servicio (DoS) y ejecutar potencialmente código arbitrario mediante el envío de una petic... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0010 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-5134
https://notcve.org/view.php?id=CVE-2020-5134
12 Oct 2020 — A vulnerability in SonicOS allows an authenticated attacker to cause out-of-bound invalid file reference leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. Una vulnerabilidad en SonicOS, permite a un atacante autenticado causar una referencia de archivos no válidos fuera del límite que causan un bloqueo del firewall. Esta vulnerabilidad afectó a SonicOS Gen 6 versiones 6.5.1.12, 6.0.5.3, SonicOSv versión 6.5.4.v y Gen 7... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0009 • CWE-125: Out-of-bounds Read •