CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-5133
https://notcve.org/view.php?id=CVE-2020-5133
12 Oct 2020 — A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. Una vulnerabilidad en SonicOS, permite a un atacante remoto no autenticado causar una denegación de servicio debido a un desbordamiento del búfer, lo que conlleva a un bloqueo del firewall. Esta vulnerabilidad afectó a SonicOS Gen 6 versiones 6.5.... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0008 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-5132
https://notcve.org/view.php?id=CVE-2020-5132
30 Sep 2020 — SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN authentication page, an attacker with knowledge of internal domain names can potentially take advantage of this vulnerability. Los productos SonicWall SSL-VPN y una configuración inapropiada de la funcionalidad SSL-VPN del firewall SonicWall, conlleva a un posible f... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0006 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5130
https://notcve.org/view.php?id=CVE-2020-5130
17 Jul 2020 — SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request. This vulnerability impact SonicOS version 6.5.4.4-44n and earlier. La petición de inicio de sesión de SonicOS SSLVPN LDAP, permite a atacantes remotos causar una interacción de servicio externo (DNS) debido a una comprobación inapropiada de la petición. Esta vulnerabilidad impacta a SonicOS versión 6.5.4.4-44n y anteriores • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0003 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 13EXPL: 0CVE-2019-7479
https://notcve.org/view.php?id=CVE-2019-7479
31 Dec 2019 — A vulnerability in SonicOS allow authenticated read-only admin can elevate permissions to configuration mode. This vulnerability affected SonicOS Gen 5 version 5.9.1.12-4o and earlier, Gen 6 version 6.2.7.4-32n, 6.5.1.4-4n, 6.5.2.3-4n, 6.5.3.3-3n, 6.2.7.10-3n, 6.4.1.0-3n, 6.5.3.3-3n, 6.5.1.9-4n and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). Una vulnerabilidad en SonicOS permite que un administrador de solo lectura auten... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0012 • CWE-269: Improper Privilege Management CWE-285: Improper Authorization •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-7487
https://notcve.org/view.php?id=CVE-2019-7487
19 Dec 2019 — Installation of the SonicOS SSLVPN NACagent 3.5 on the Windows operating system, an autorun value is created does not put the path in quotes, so if a malicious binary by an attacker within the parent path could allow code execution. La instalación de SonicOS SSLVPN NACagent versión 3.5 en el sistema operativo Windows, un valor autorun se crea sin poner la ruta entre comillas, por lo que si un binario malicioso se introduce en la ruta principal por parte de un atacante, podría permitir una ejecución de códig... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0022 • CWE-428: Unquoted Search Path or Element •
CVSS: 9.8EPSS: 2%CPEs: 72EXPL: 0CVE-2019-12261
https://notcve.org/view.php?id=CVE-2019-12261
09 Aug 2019 — Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host. Wind River VxWorks versiones 6.7 hasta 6.9 y vx7, presenta un Desbordamiento de Búfer en el componente TCP (problema 3 de 4). Se trata de una vulnerabilidad de seguridad de IPNET: Confusión de estado de TCP Urgent Pointer durante la función connect() a un host remoto. • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 7%CPEs: 72EXPL: 0CVE-2019-12260
https://notcve.org/view.php?id=CVE-2019-12260
09 Aug 2019 — Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option. Wind River VxWorks versiones 6.9 y vx7, presenta un Desbordamiento de Búfer en el componente TCP (problema 2 de 4). Se trata de una vulnerabilidad de seguridad de IPNET: Confusión de estado de TCP Urgent Pointer causada por una opción AO de TCP malformada. • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 38%CPEs: 71EXPL: 1CVE-2019-12258 – URGENT/11 Scanner, Based on Detection Tool by Armis
https://notcve.org/view.php?id=CVE-2019-12258
09 Aug 2019 — Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options. Wind River VxWorks versiones 6.6 hasta vx7, presenta una Fijación de Sesión en el componente TCP. Se trata de una vulnerabilidad de seguridad de IPNET: DoS de la conexión TCP por medio de opciones TCP malformadas. • https://packetstorm.news/files/id/180933 • CWE-384: Session Fixation •
CVSS: 9.8EPSS: 56%CPEs: 72EXPL: 4CVE-2019-12255 – VxWorks 6.8 - TCP Urgent Pointer = 0 Integer Underflow
https://notcve.org/view.php?id=CVE-2019-12255
09 Aug 2019 — Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow. Wind River VxWorks presenta un desbordamiento de búfer en el componente TCP (problema 1 de 4). Esta es una vulnerabilidad de seguridad de IPNET: TCP Urgent Pointer = 0 que conduce a un desbordamiento de enteros. VxWorks version 6.8 suffers from an integer underflow vulnerability. • https://packetstorm.news/files/id/154022 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.3EPSS: 1%CPEs: 73EXPL: 0CVE-2019-12265
https://notcve.org/view.php?id=CVE-2019-12265
09 Aug 2019 — Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report. Wind River VxWorks versiones 6.5, 6.6, 6.7, 6.8, 6.9.3 y 6.9.4, presenta una Pérdida de Memoria en el componente cliente IGMPv3. Se presenta una vulnerabilidad de seguridad de IPNET: Un filtrado de información de IGMP por medio de un reporte de membresía específico de IGMPv3. • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf • CWE-401: Missing Release of Memory after Effective Lifetime •