CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-5138
https://notcve.org/view.php?id=CVE-2020-5138
12 Oct 2020 — A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. Una vulnerabilidad de Desbordamiento de Pila en SonicOS, permite a un atacante remoto no autenticado causar una Denegación de Servicio (DoS) en el servicio SSLVPN del fire... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0013 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-5139
https://notcve.org/view.php?id=CVE-2020-5139
12 Oct 2020 — A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS) due to the release of Invalid pointer and leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. Una vulnerabilidad en el servicio SSLVPN de SonicOS, permite a un atacante remoto no autenticado causar una Denegación de servicio (DoS) debido a un lanzamiento de ... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0014 • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-5140
https://notcve.org/view.php?id=CVE-2020-5140
12 Oct 2020 — A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to memory addresses leak. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. Una vulnerabilidad en SonicOS, permite a un atacante remoto no autenticado causar una denegación de servicio (DoS) en el servicio SSLVPN del fir... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0015 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-5136
https://notcve.org/view.php?id=CVE-2020-5136
12 Oct 2020 — A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. Una vulnerabilidad de desbordamiento del búfer en SonicOS, permite a un atacante autenticado causar una Denegación de Servicio (DoS) en el portal de SSL-VPN y virtual assist... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0011 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-5137
https://notcve.org/view.php?id=CVE-2020-5137
12 Oct 2020 — A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. Una vulnerabilidad de desbordamiento del búfer en SonicOS, permite a un atacante remoto no autenticado causar una Denegación de Servicio (DoS) en el servicio SSLVPN del firewall y ... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0012 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-5134
https://notcve.org/view.php?id=CVE-2020-5134
12 Oct 2020 — A vulnerability in SonicOS allows an authenticated attacker to cause out-of-bound invalid file reference leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. Una vulnerabilidad en SonicOS, permite a un atacante autenticado causar una referencia de archivos no válidos fuera del límite que causan un bloqueo del firewall. Esta vulnerabilidad afectó a SonicOS Gen 6 versiones 6.5.1.12, 6.0.5.3, SonicOSv versión 6.5.4.v y Gen 7... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0009 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 40%CPEs: 5EXPL: 0CVE-2020-5135 – SonicWall SonicOS Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2020-5135
12 Oct 2020 — A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. Una vulnerabilidad de desbordamiento del búfer en SonicOS, permite a un atacante remoto causar una Denegación de servicio (DoS) y ejecutar potencialmente código arbitrario mediante el envío de una petic... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0010 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5130
https://notcve.org/view.php?id=CVE-2020-5130
17 Jul 2020 — SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request. This vulnerability impact SonicOS version 6.5.4.4-44n and earlier. La petición de inicio de sesión de SonicOS SSLVPN LDAP, permite a atacantes remotos causar una interacción de servicio externo (DNS) debido a una comprobación inapropiada de la petición. Esta vulnerabilidad impacta a SonicOS versión 6.5.4.4-44n y anteriores • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0003 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 13EXPL: 0CVE-2019-7479
https://notcve.org/view.php?id=CVE-2019-7479
31 Dec 2019 — A vulnerability in SonicOS allow authenticated read-only admin can elevate permissions to configuration mode. This vulnerability affected SonicOS Gen 5 version 5.9.1.12-4o and earlier, Gen 6 version 6.2.7.4-32n, 6.5.1.4-4n, 6.5.2.3-4n, 6.5.3.3-3n, 6.2.7.10-3n, 6.4.1.0-3n, 6.5.3.3-3n, 6.5.1.9-4n and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). Una vulnerabilidad en SonicOS permite que un administrador de solo lectura auten... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0012 • CWE-269: Improper Privilege Management CWE-285: Improper Authorization •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-7487
https://notcve.org/view.php?id=CVE-2019-7487
19 Dec 2019 — Installation of the SonicOS SSLVPN NACagent 3.5 on the Windows operating system, an autorun value is created does not put the path in quotes, so if a malicious binary by an attacker within the parent path could allow code execution. La instalación de SonicOS SSLVPN NACagent versión 3.5 en el sistema operativo Windows, un valor autorun se crea sin poner la ruta entre comillas, por lo que si un binario malicioso se introduce en la ruta principal por parte de un atacante, podría permitir una ejecución de códig... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0022 • CWE-428: Unquoted Search Path or Element •