Skip to main content

Sonicosv

18 CVEs product

Monthly

CVE-2022-22274 CRITICAL POC THREAT Act Now

A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Stack Overflow Buffer Overflow Sonicos +1
NVD
CVSS 3.1
9.8
EPSS
57.3%
CVE-2021-20019 HIGH This Week

A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sonicos Sonicosv
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-5143 MEDIUM This Month

SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sonicos Sonicosv
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2020-5142 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sonicos Sonicosv
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-5141 MEDIUM This Month

A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sonicos Sonicosv
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-5140 HIGH This Week

A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to memory addresses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Sonicos Sonicosv
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-5139 HIGH This Week

A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS) due to the release of Invalid pointer and leads to a firewall crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sonicos Sonicosv
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-5138 HIGH This Week

A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow Sonicos Sonicosv
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-5137 HIGH This Week

A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to firewall crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Sonicos Sonicosv
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-5136 MEDIUM This Month

A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Sonicos Sonicosv
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-5135 CRITICAL KEV THREAT Act Now

A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Sonicos Sonicosv
NVD
CVSS 3.1
9.8
EPSS
26.9%
CVE-2020-5134 MEDIUM This Month

A vulnerability in SonicOS allows an authenticated attacker to cause out-of-bound invalid file reference leads to a firewall crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Sonicos Sonicosv
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-5133 HIGH This Week

A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads to a firewall crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Sonicos Sonicosv
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-7479 HIGH This Week

A vulnerability in SonicOS allow authenticated read-only admin can elevate permissions to configuration mode. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft VMware Sonicos Sonicosv
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2019-7477 HIGH This Week

A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allow remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft VMware Information Disclosure Sonicwall Sonicos +1
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2019-7475 CRITICAL Act Now

A vulnerability in SonicWall SonicOS and SonicOSv with management enabled system on specific configuration allow unprivileged user to access advanced routing services. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft VMware Sonicwall Sonicos +1
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2019-7474 MEDIUM This Month

A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft VMware Information Disclosure Sonicwall Sonicos +1
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2018-3639 MEDIUM POC PATCH THREAT This Month

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 46.0%.

Authentication Bypass Atom C Atom E Atom X5 E3930 Atom X5 E3940 +278
NVD Exploit-DB VulDB
CVSS 3.1
5.5
EPSS
46.0%
Threat
4.0
EPSS 57% CVSS 9.8
CRITICAL POC THREAT Act Now

A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Stack Overflow +3
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sonicos Sonicosv
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sonicos Sonicosv
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sonicos Sonicosv
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sonicos Sonicosv
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to memory addresses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS) due to the release of Invalid pointer and leads to a firewall crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sonicos Sonicosv
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to firewall crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Sonicos +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Sonicos +1
NVD
EPSS 27% CVSS 9.8
CRITICAL KEV THREAT Act Now

A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A vulnerability in SonicOS allows an authenticated attacker to cause out-of-bound invalid file reference leads to a firewall crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Sonicos +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads to a firewall crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Sonicos +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A vulnerability in SonicOS allow authenticated read-only admin can elevate permissions to configuration mode. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft VMware +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allow remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft VMware Information Disclosure +3
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability in SonicWall SonicOS and SonicOSv with management enabled system on specific configuration allow unprivileged user to access advanced routing services. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft VMware +3
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft VMware Information Disclosure +3
NVD
EPSS 46% 4.0 CVSS 5.5
MEDIUM POC PATCH THREAT This Month

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 46.0%.

Authentication Bypass Atom C Atom E +280
NVD Exploit-DB VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy