Filtered by vendor Sonicwall
Subscribe
Total
167 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-5148 | 1 Sonicwall | 1 Directory Services Connector | 2024-02-04 | 6.4 MEDIUM | 8.2 HIGH |
SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewall access controls. | |||||
CVE-2020-5142 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. A remote unauthenticated attacker is able to store and potentially execute arbitrary JavaScript code in the firewall SSLVPN portal. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | |||||
CVE-2021-3450 | 10 Fedoraproject, Freebsd, Mcafee and 7 more | 35 Fedora, Freebsd, Web Gateway and 32 more | 2024-02-04 | 5.8 MEDIUM | 7.4 HIGH |
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j). | |||||
CVE-2020-5146 | 1 Sonicwall | 2 Sma 100, Sma 100 Firmware | 2024-02-04 | 9.0 HIGH | 7.2 HIGH |
A vulnerability in SonicWall SMA100 appliance allow an authenticated management-user to perform OS command injection using HTTP POST parameters. This vulnerability affected SMA100 Appliance version 10.2.0.2-20sv and earlier. | |||||
CVE-2020-5147 | 1 Sonicwall | 1 Netextender | 2024-02-04 | 4.6 MEDIUM | 5.3 MEDIUM |
SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 10.2.300 and earlier. | |||||
CVE-2020-5139 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS) due to the release of Invalid pointer and leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | |||||
CVE-2020-5140 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to memory addresses leak. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | |||||
CVE-2020-5145 | 1 Sonicwall | 1 Global Vpn Client | 2024-02-04 | 6.9 MEDIUM | 8.6 HIGH |
SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to remote code execution in the target system. | |||||
CVE-2020-5134 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability in SonicOS allows an authenticated attacker to cause out-of-bound invalid file reference leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. | |||||
CVE-2020-5135 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. | |||||
CVE-2020-5141 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-02-04 | 6.4 MEDIUM | 6.5 MEDIUM |
A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | |||||
CVE-2020-5138 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | |||||
CVE-2020-5133 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. | |||||
CVE-2020-5144 | 1 Sonicwall | 1 Global Vpn Client | 2024-02-04 | 6.9 MEDIUM | 7.8 HIGH |
SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability. | |||||
CVE-2021-20016 | 1 Sonicwall | 11 Sma 100, Sma 100 Firmware, Sma 200 and 8 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x. | |||||
CVE-2020-5131 | 1 Sonicwall | 1 Netextender | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
SonicWall NetExtender Windows client vulnerable to arbitrary file write vulnerability, this allows attacker to overwrite a DLL and execute code with the same privilege in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 9.0.815 and earlier. | |||||
CVE-2020-5130 | 1 Sonicwall | 1 Sonicos | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request. This vulnerability impact SonicOS version 6.5.4.4-44n and earlier. | |||||
CVE-2020-5129 | 1 Sonicwall | 2 Sma1000, Sma1000 Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause HTTP server crash which leads to Denial of Service. This vulnerability affected SMA1000 Version 12.1.0-06411 and earlier. | |||||
CVE-2019-7478 | 1 Sonicwall | 1 Global Management System | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability in GMS allow unauthenticated user to SQL injection in Webservice module. This vulnerability affected GMS versions GMS 8.4, 8.5, 8.6, 8.7, 9.0 and 9.1. | |||||
CVE-2019-7486 | 1 Sonicwall | 2 Sma 100, Sma 100 Firmware | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.4 and earlier. |