
CVE-2022-47522
https://notcve.org/view.php?id=CVE-2022-47522
15 Apr 2023 — The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a clien... • https://github.com/toffeenutt/CVE-2022-47522-exploit • CWE-290: Authentication Bypass by Spoofing •

CVE-2023-1101
https://notcve.org/view.php?id=CVE-2023-1101
02 Mar 2023 — SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0005 • CWE-307: Improper Restriction of Excessive Authentication Attempts •

CVE-2022-22275
https://notcve.org/view.php?id=CVE-2022-22275
27 Apr 2022 — Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a target host is vulnerable. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0004 • CWE-400: Uncontrolled Resource Consumption •

CVE-2021-20048
https://notcve.org/view.php?id=CVE-2021-20048
07 Jan 2022 — A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0028 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVE-2021-20046
https://notcve.org/view.php?id=CVE-2021-20046
07 Jan 2022 — A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0027 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVE-2021-20031 – Sonicwall SonicOS 7.0 - Host Header Injection
https://notcve.org/view.php?id=CVE-2021-20031
12 Oct 2021 — A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains. Sonicwall SonicOS version 7.0 suffers from a host header injection vulnerability. • https://packetstorm.news/files/id/164502 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVE-2021-20027
https://notcve.org/view.php?id=CVE-2021-20027
14 Jun 2021 — A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0016 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •