Filtered by vendor Stormshield
Subscriptions
Filtered by product Stormshield Network Security
Subscriptions
Total
34 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3384 | 1 Stormshield | 1 Stormshield Network Security | 2024-11-21 | 5.3 Medium |
| A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts via IPv4 or IPv6. This affects versions 2.0.0 to 2.7.7, 2.8.0 to 2.16.0, 3.0.0 to 3.7.16, 3.8.0 to 3.11.4, and 4.0.0 to 4.1.5. Fixed in versions 2.7.8, 3.7.17, 3.11.5, and 4.2.0. | ||||
| CVE-2021-37613 | 1 Stormshield | 1 Stormshield Network Security | 2024-11-21 | 6.5 Medium |
| Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service. | ||||
| CVE-2021-31814 | 1 Stormshield | 1 Stormshield Network Security | 2024-11-21 | 6.1 Medium |
| In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL Client. | ||||
| CVE-2021-31617 | 1 Stormshield | 1 Stormshield Network Security | 2024-11-21 | 9.8 Critical |
| In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution. | ||||
| CVE-2021-28962 | 1 Stormshield | 1 Stormshield Network Security | 2024-11-21 | 7.2 High |
| Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands. | ||||
| CVE-2021-28665 | 1 Stormshield | 2 Network Security, Stormshield Network Security | 2024-11-21 | 7.5 High |
| Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a denial of service. | ||||
| CVE-2021-28127 | 1 Stormshield | 1 Stormshield Network Security | 2024-11-21 | 7.5 High |
| An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur. | ||||
| CVE-2021-28096 | 1 Stormshield | 1 Stormshield Network Security | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can saturate the proxy connection table. This would result in the proxy denying any new connections. | ||||
| CVE-2021-27506 | 3 Clamav, Netasq Project, Stormshield | 3 Clamav, Netasq, Stormshield Network Security | 2024-11-21 | 5.5 Medium |
| The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1. | ||||
| CVE-2020-8430 | 1 Stormshield | 1 Stormshield Network Security | 2024-11-21 | 6.1 Medium |
| Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=https://example.com in the query string. | ||||
| CVE-2020-7466 | 2 Mpd Project, Stormshield | 2 Mpd, Stormshield Network Security | 2024-11-21 | 7.5 High |
| The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted PPP authentication message to cause the daemon to read beyond allocated memory buffer, which would result in a denial of service condition. | ||||
| CVE-2020-7465 | 2 Mpd Project, Stormshield | 2 Mpd, Stormshield Network Security | 2024-11-21 | 9.8 Critical |
| The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption). | ||||
| CVE-2020-11711 | 1 Stormshield | 1 Stormshield Network Security | 2024-11-21 | 4.8 Medium |
| An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim's browser. This results in a stored XSS on the authentication interface of the admin panel. Moreover, an unsecured authentication form is present on the authentication interface of the SSL VPN captive portal. Users are allowed to save their credentials inside the browser. If an administrator saves his credentials through this unsecured form, these credentials could be stolen via the stored XSS on the admin panel without user interaction. Another possible exploitation would be modification of the authentication form of the admin panel into a malicious form. | ||||
| CVE-2018-20850 | 1 Stormshield | 1 Stormshield Network Security | 2024-11-21 | N/A |
| Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server. | ||||