Sonicos Security Vulnerabilities and Issues — Sonicos CVE List

Lucene search

SonicwallSonicos

5 matches found

CVE•added 2021/03/25 3:15 p.m.•749 views

CVE-2021-3449

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a...

5.9CVSS6.7AI score0.15517EPSS

CVE•added 2021/03/25 3:15 p.m.•517 views

CVE-2021-3450

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an...

7.4CVSS7.6AI score0.00504EPSS

CVE•added 2021/06/23 10:15 p.m.•93 views

CVE-2021-20019

A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability.

7.5CVSS8.1AI score0.00791EPSS

CVE•added 2021/10/12 11:15 p.m.•83 views

CVE-2021-20031

A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains.

6.1CVSS6.1AI score0.41298EPSS

CVE•added 2021/06/14 11:15 p.m.•54 views

CVE-2021-20027

A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls.

7.5CVSS7.6AI score0.00381EPSS