Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Sonicos
(Sonicwall)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 57 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-10-17 | CVE-2023-41712 | SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash. | Sonicos | 6.5 | ||
| 2023-10-17 | CVE-2023-41715 | SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel. | Sonicos | 8.8 | ||
| 2023-10-17 | CVE-2023-41713 | SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function. | Sonicos | 7.5 | ||
| 2024-02-08 | CVE-2024-22394 | An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. This issue affects only firmware version SonicOS 7.1.1-7040. | Sonicos | 9.8 | ||
| 2024-06-20 | CVE-2024-29012 | Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function. | Sonicos | 7.5 | ||
| 2024-06-20 | CVE-2024-29013 | Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service (DoS) via memcpy function. | Sonicos | 6.5 | ||
| 2024-07-18 | CVE-2024-40764 | Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS). | Sonicos | 7.5 | ||
| 2024-08-23 | CVE-2024-40766 | An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions. | Sonicos | 9.8 | ||
| 2019-08-09 | CVE-2019-12255 | Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow. | Garrettcom_magnum_dx940e_firmware, Hirschmann_hios, E\-Series_santricity_os_controller, Power_meter_9410_firmware, Power_meter_9810_firmware, Ruggedcom_win7000_firmware, Ruggedcom_win7018_firmware, Ruggedcom_win7025_firmware, Ruggedcom_win7200_firmware, Siprotec_5_firmware, Sonicos, Vxworks | 9.8 | ||
| 2019-08-09 | CVE-2019-12256 | Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options. | Garrettcom_magnum_dx940e_firmware, Hirschmann_hios, E\-Series_santricity_os_controller, Power_meter_9410_firmware, Power_meter_9810_firmware, Ruggedcom_win7000_firmware, Ruggedcom_win7018_firmware, Ruggedcom_win7025_firmware, Ruggedcom_win7200_firmware, Siprotec_5_firmware, Sonicos, Vxworks | 9.8 |