CVSS: 8.8EPSS: 0%CPEs: 129EXPL: 0CVE-2021-20046
https://notcve.org/view.php?id=CVE-2021-20046
A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions. Un desbordamiento del búfer en la región Stack de la memoria en el encabezado de respuesta HTTP Content-Length de SonicOS permite a un atacante remoto autenticado causar una Denegación de Servicio (DoS) y potencialmente resultar en una ejecución de código en el firewall. Esta vulnerabilidad afecta a SonicOS versiones de firmware Gen 5, Gen 6 y Gen 7 • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0027 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 1%CPEs: 129EXPL: 2CVE-2021-20031 – Sonicwall SonicOS 7.0 - Host Header Injection
https://notcve.org/view.php?id=CVE-2021-20031
A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains. Una vulnerabilidad de Redirección de Encabezado de Host en SonicOS permite potencialmente a un atacante remoto redirigir a usuarios de la administración del firewall a dominios web arbitrarios Sonicwall SonicOS version 7.0 suffers from a host header injection vulnerability. • https://www.exploit-db.com/exploits/50414 http://packetstormsecurity.com/files/164502/Sonicwall-SonicOS-7.0-Host-Header-Injection.html https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0019 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 0%CPEs: 148EXPL: 0CVE-2021-20027
https://notcve.org/view.php?id=CVE-2021-20027
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls. Una vulnerabilidad de desbordamiento de búfer en SonicOS permite a un atacante remoto causar una denegación de servicio (DoS) mediante el envío de una petición especialmente diseñada. Esta vulnerabilidad afecta a las plataformas SonicOS Gen5, Gen6, Gen7 y a los firewalls virtuales SonicOSv • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0016 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.4EPSS: 0%CPEs: 8EXPL: 1CVE-2018-5281
https://notcve.org/view.php?id=CVE-2018-5281
SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens. SonicWall SonicOS en dispositivos Network Security Appliance (NSA) 2017 Q4 tiene Cross-Site Scripting (XSS) a través de las pantallas Cloud AV DB Exclusion Settings. • http://www.securityfocus.com/bid/102443 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0002 https://www.vulnerability-lab.com/get_content.php?id=1729 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 12EXPL: 1CVE-2018-5280
https://notcve.org/view.php?id=CVE-2018-5280
SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens. SonicWall SonicOS en dispositivos Network Security Appliance (NSA) 2016 Q4 tiene Cross-Site Scripting (XSS) a través de las pantallas de configuración de SSO. • http://www.securityfocus.com/bid/102438 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0001 https://www.vulnerability-lab.com/get_content.php?id=1725 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •