Filtered by vendor Stormshield
Subscribe
Total
56 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-45885 | 1 Stormshield | 1 Network Security | 2023-12-10 | 4.3 MEDIUM | 7.5 HIGH |
| An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password. | |||||
| CVE-2021-31220 | 1 Stormshield | 1 Endpoint Security | 2023-12-10 | 2.3 LOW | 5.2 MEDIUM |
| SES Evolution before 2.1.0 allows modifying security policies by leveraging access of a user having read-only access to security policies. | |||||
| CVE-2021-31222 | 1 Stormshield | 1 Endpoint Security | 2023-12-10 | 2.9 LOW | 5.7 MEDIUM |
| SES Evolution before 2.1.0 allows updating some parts of a security policy by leveraging access to a computer having the administration console installed. | |||||
| CVE-2021-31223 | 1 Stormshield | 1 Endpoint Security | 2023-12-10 | 2.9 LOW | 5.7 MEDIUM |
| SES Evolution before 2.1.0 allows reading some parts of a security policy by leveraging access to a computer having the administration console installed. | |||||
| CVE-2021-31221 | 1 Stormshield | 1 Endpoint Security | 2023-12-10 | 2.9 LOW | 5.7 MEDIUM |
| SES Evolution before 2.1.0 allows deleting some parts of a security policy by leveraging access to a computer having the administration console installed. | |||||
| CVE-2021-28127 | 1 Stormshield | 1 Stormshield Network Security | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur. | |||||
| CVE-2021-31225 | 1 Stormshield | 1 Endpoint Security | 2023-12-10 | 4.3 MEDIUM | 7.3 HIGH |
| SES Evolution before 2.1.0 allows deleting some resources not currently in use by any security policy by leveraging access to a computer having the administration console installed. | |||||
| CVE-2021-35957 | 1 Stormshield | 1 Endpoint Security | 2023-12-10 | 4.6 MEDIUM | 6.7 MEDIUM |
| Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not accomplish the intended defense against local administrators who can replace the Visual C++ runtime DLLs (in %WINDIR%\system32) with malicious ones. | |||||
| CVE-2021-28665 | 1 Stormshield | 1 Network Security | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a denial of service. | |||||
| CVE-2021-31224 | 1 Stormshield | 1 Endpoint Security | 2023-12-10 | 2.9 LOW | 3.5 LOW |
| SES Evolution before 2.1.0 allows duplicating an existing security policy by leveraging access of a user having read-only access to security policies. | |||||
| CVE-2020-7466 | 2 Mpd Project, Stormshield | 2 Mpd, Stormshield Network Security | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted PPP authentication message to cause the daemon to read beyond allocated memory buffer, which would result in a denial of service condition. | |||||
| CVE-2020-7465 | 2 Mpd Project, Stormshield | 2 Mpd, Stormshield Network Security | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption). | |||||
| CVE-2021-3384 | 1 Stormshield | 1 Network Security | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts via IPv4 or IPv6. This affects versions 2.0.0 to 2.7.7, 2.8.0 to 2.16.0, 3.0.0 to 3.7.16, 3.8.0 to 3.11.4, and 4.0.0 to 4.1.5. Fixed in versions 2.7.8, 3.7.17, 3.11.5, and 4.2.0. | |||||
| CVE-2021-27506 | 3 Clamav, Netasq Project, Stormshield | 3 Clamav, Netasq, Network Security | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1. | |||||
| CVE-2020-8430 | 1 Stormshield | 1 Stormshield Network Security | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=https://example.com in the query string. | |||||
| CVE-2018-20850 | 1 Stormshield | 1 Stormshield Network Security | 2023-12-10 | 7.2 HIGH | 8.2 HIGH |
| Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server. | |||||