Filtered by vendor Stormshield
Subscribe
Total
56 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-23562 | 1 Stormshield | 1 Endpoint Security | 2023-12-10 | N/A | 4.3 MEDIUM |
| Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control that allows an authenticated user can update global parameters. | |||||
| CVE-2023-35800 | 1 Stormshield | 1 Endpoint Security | 2023-12-10 | N/A | 4.3 MEDIUM |
| Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive users to read data, which could allow access to information reserved to administrators. | |||||
| CVE-2022-32214 | 4 Debian, Llhttp, Nodejs and 1 more | 4 Debian Linux, Llhttp, Node.js and 1 more | 2023-12-10 | N/A | 6.5 MEDIUM |
| The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). | |||||
| CVE-2022-27812 | 1 Stormshield | 1 Network Security | 2023-12-10 | N/A | 7.5 HIGH |
| Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic, can lead to SNS DoS. | |||||
| CVE-2022-32213 | 6 Debian, Fedoraproject, Llhttp and 3 more | 6 Debian Linux, Fedora, Llhttp and 3 more | 2023-12-10 | N/A | 6.5 MEDIUM |
| The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS). | |||||
| CVE-2022-40617 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-12-10 | N/A | 7.5 HIGH |
| strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. | |||||
| CVE-2022-32215 | 6 Debian, Fedoraproject, Llhttp and 3 more | 6 Debian Linux, Fedora, Llhttp and 3 more | 2023-12-10 | N/A | 6.5 MEDIUM |
| The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS). | |||||
| CVE-2022-37434 | 6 Apple, Debian, Fedoraproject and 3 more | 21 Ipados, Iphone Os, Macos and 18 more | 2023-12-10 | N/A | 9.8 CRITICAL |
| zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). | |||||
| CVE-2021-31814 | 1 Stormshield | 1 Stormshield Network Security | 2023-12-10 | 3.6 LOW | 6.1 MEDIUM |
| In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL Client. | |||||
| CVE-2021-3398 | 1 Stormshield | 1 Stormshield Network Security | 2023-12-10 | 5.0 MEDIUM | 5.8 MEDIUM |
| Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component. | |||||
| CVE-2022-23989 | 1 Stormshield | 1 Network Security | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all network traffic, making the firewall unreachable. An attacker could exploit this via forged and properly timed traffic to cause a denial of service. | |||||
| CVE-2021-37613 | 1 Stormshield | 1 Stormshield Network Security | 2023-12-10 | 2.9 LOW | 6.5 MEDIUM |
| Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service. | |||||
| CVE-2022-30279 | 1 Stormshield | 1 Network Security | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. The event logging of the ASQ sofbus lacbus plugin triggers the dereferencing of a NULL pointer, leading to a crash of SNS. An attacker could exploit this vulnerability via forged sofbus lacbus traffic to cause a firmware crash. | |||||
| CVE-2021-31617 | 1 Stormshield | 1 Network Security | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution. | |||||
| CVE-2021-45089 | 1 Stormshield | 1 Endpoint Security | 2023-12-10 | 2.3 LOW | 5.2 MEDIUM |
| Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Control. | |||||
| CVE-2021-28096 | 1 Stormshield | 1 Stormshield Network Security | 2023-12-10 | 4.3 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can saturate the proxy connection table. This would result in the proxy denying any new connections. | |||||
| CVE-2021-45090 | 1 Stormshield | 1 Endpoint Security | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Stormshield Endpoint Security before 2.1.2 allows remote code execution. | |||||
| CVE-2021-45091 | 1 Stormshield | 1 Endpoint Security | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access Control. | |||||
| CVE-2022-22703 | 2 Microsoft, Stormshield | 2 Windows, Network Security | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer. | |||||
| CVE-2021-28962 | 1 Stormshield | 1 Network Security | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
| Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands. | |||||