Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Sonicos
(Sonicwall)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 51 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-08-09 | CVE-2019-12261 | Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host. | Garrettcom_magnum_dx940e_firmware, Hirschmann_hios, E\-Series_santricity_os_controller, Communications_eagle, Power_meter_9410_firmware, Power_meter_9810_firmware, Ruggedcom_win7000_firmware, Ruggedcom_win7018_firmware, Ruggedcom_win7025_firmware, Ruggedcom_win7200_firmware, Siprotec_5_firmware, Sonicos, Vxworks | 9.8 | ||
| 2021-06-23 | CVE-2021-20019 | A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability. | Sonicos, Sonicosv | 7.5 | ||
| 2018-01-08 | CVE-2018-5280 | SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens. | Sonicos | 5.4 | ||
| 2018-01-08 | CVE-2018-5281 | SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens. | Sonicos | 5.4 | ||
| 2019-08-09 | CVE-2019-12259 | Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing. | Garrettcom_magnum_dx940e_firmware, Hirschmann_hios, 9410_power_meter_firmware, 9810_power_meter_firmware, Ruggedcom_win7000_firmware, Ruggedcom_win7018_firmware, Ruggedcom_win7025_firmware, Ruggedcom_win7200_firmware, Siprotec_5_firmware, Sonicos, Vxworks | 7.5 | ||
| 2019-02-19 | CVE-2018-9867 | In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv... | Sonicos, Sonicosv | 5.5 | ||
| 2022-04-27 | CVE-2022-22275 | Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a target host is vulnerable. | Sonicos | 7.5 | ||
| 2022-03-25 | CVE-2022-22274 | A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the firewall. | Sonicos, Sonicosv | 9.8 | ||
| 2022-01-10 | CVE-2021-20046 | A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions. | Sonicos | 8.8 | ||
| 2022-01-10 | CVE-2021-20048 | A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions. | Sonicos | 8.8 |