Filtered by vendor Stormshield
Subscriptions
Total
56 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-46782 | 1 Stormshield | 1 Ssl Vpn Client | 2023-08-09 | 7.8 High |
| An issue was discovered in Stormshield SSL VPN Client before 3.2.0. A logged-in user, able to only launch the VPNSSL Client, can use the OpenVPN instance to execute malicious code as administrator on the local machine. | ||||
| CVE-2022-27812 | 1 Stormshield | 1 Network Security | 2023-08-08 | 7.5 High |
| Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic, can lead to SNS DoS. | ||||
| CVE-2021-31814 | 1 Stormshield | 1 Stormshield Network Security | 2023-08-08 | 6.1 Medium |
| In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL Client. | ||||
| CVE-2022-37434 | 6 Apple, Debian, Fedoraproject and 3 more | 21 Ipados, Iphone Os, Macos and 18 more | 2023-07-19 | 9.8 Critical |
| zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). | ||||
| CVE-2020-7465 | 2 Mpd Project, Stormshield | 2 Mpd, Stormshield Network Security | 2023-07-19 | 9.8 Critical |
| The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption). | ||||
| CVE-2020-7466 | 2 Mpd Project, Stormshield | 2 Mpd, Stormshield Network Security | 2023-07-19 | 7.5 High |
| The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted PPP authentication message to cause the daemon to read beyond allocated memory buffer, which would result in a denial of service condition. | ||||
| CVE-2022-32214 | 4 Debian, Llhttp, Nodejs and 1 more | 4 Debian Linux, Llhttp, Node.js and 1 more | 2023-07-19 | 6.5 Medium |
| The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). | ||||
| CVE-2023-35799 | 1 Stormshield | 1 Endpoint Security | 2023-07-05 | 5.5 Medium |
| Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. An interactive user can use the SES Evolution agent to create arbitrary files with local system privileges. | ||||
| CVE-2023-35800 | 1 Stormshield | 1 Endpoint Security | 2023-07-05 | 4.3 Medium |
| Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive users to read data, which could allow access to information reserved to administrators. | ||||
| CVE-2023-23562 | 1 Stormshield | 1 Endpoint Security | 2023-06-07 | 4.3 Medium |
| Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control that allows an authenticated user can update global parameters. | ||||
| CVE-2023-23561 | 1 Stormshield | 1 Endpoint Security | 2023-06-06 | 5.5 Medium |
| Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control: authenticated users can read sensitive information. | ||||
| CVE-2021-45089 | 1 Stormshield | 1 Endpoint Security | 2022-07-12 | 5.2 Medium |
| Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Control. | ||||
| CVE-2021-45091 | 1 Stormshield | 1 Endpoint Security | 2022-07-12 | 4.3 Medium |
| Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access Control. | ||||
| CVE-2021-28665 | 1 Stormshield | 1 Network Security | 2022-07-12 | 7.5 High |
| Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a denial of service. | ||||
| CVE-2021-28962 | 1 Stormshield | 1 Network Security | 2022-07-12 | 7.2 High |
| Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands. | ||||
| CVE-2021-27506 | 3 Clamav, Netasq Project, Stormshield | 3 Clamav, Netasq, Network Security | 2022-07-01 | 5.5 Medium |
| The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1. | ||||
| CVE-2022-30279 | 1 Stormshield | 1 Network Security | 2022-05-20 | 7.5 High |
| An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. The event logging of the ASQ sofbus lacbus plugin triggers the dereferencing of a NULL pointer, leading to a crash of SNS. An attacker could exploit this vulnerability via forged sofbus lacbus traffic to cause a firmware crash. | ||||
| CVE-2022-23989 | 1 Stormshield | 1 Network Security | 2022-03-24 | 7.5 High |
| In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all network traffic, making the firewall unreachable. An attacker could exploit this via forged and properly timed traffic to cause a denial of service. | ||||
| CVE-2021-3398 | 1 Stormshield | 1 Stormshield Network Security | 2022-02-23 | 5.8 Medium |
| Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component. | ||||
| CVE-2021-37613 | 1 Stormshield | 1 Stormshield Network Security | 2022-02-17 | 6.5 Medium |
| Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service. | ||||