Filtered by vendor Stormshield Subscriptions
Total 57 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-40617 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2024-11-21 7.5 High
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.
CVE-2022-37434 7 Apple, Debian, Fedoraproject and 4 more 24 Ipados, Iphone Os, Macos and 21 more 2024-11-21 9.8 Critical
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
CVE-2022-32215 7 Debian, Fedoraproject, Llhttp and 4 more 9 Debian Linux, Fedora, Llhttp and 6 more 2024-11-21 6.5 Medium
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
CVE-2022-32214 5 Debian, Llhttp, Nodejs and 2 more 7 Debian Linux, Llhttp, Node.js and 4 more 2024-11-21 6.5 Medium
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).
CVE-2022-32213 7 Debian, Fedoraproject, Llhttp and 4 more 9 Debian Linux, Fedora, Llhttp and 6 more 2024-11-21 6.5 Medium
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).
CVE-2022-30279 1 Stormshield 1 Stormshield Network Security 2024-11-21 7.5 High
An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. The event logging of the ASQ sofbus lacbus plugin triggers the dereferencing of a NULL pointer, leading to a crash of SNS. An attacker could exploit this vulnerability via forged sofbus lacbus traffic to cause a firmware crash.
CVE-2022-27812 1 Stormshield 1 Stormshield Network Security 2024-11-21 7.5 High
Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic, can lead to SNS DoS.
CVE-2022-23989 1 Stormshield 1 Stormshield Network Security 2024-11-21 7.5 High
In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all network traffic, making the firewall unreachable. An attacker could exploit this via forged and properly timed traffic to cause a denial of service.
CVE-2022-22703 2 Microsoft, Stormshield 2 Windows, Network Security 2024-11-21 5.5 Medium
In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer.
CVE-2021-45885 1 Stormshield 1 Network Security 2024-11-21 7.5 High
An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password.
CVE-2021-45091 1 Stormshield 1 Endpoint Security 2024-11-21 4.3 Medium
Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access Control.
CVE-2021-45090 1 Stormshield 1 Endpoint Security 2024-11-21 9.8 Critical
Stormshield Endpoint Security before 2.1.2 allows remote code execution.
CVE-2021-45089 1 Stormshield 1 Endpoint Security 2024-11-21 5.2 Medium
Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Control.
CVE-2021-3398 1 Stormshield 1 Stormshield Network Security 2024-11-21 5.8 Medium
Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component.
CVE-2021-3384 1 Stormshield 1 Stormshield Network Security 2024-11-21 5.3 Medium
A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts via IPv4 or IPv6. This affects versions 2.0.0 to 2.7.7, 2.8.0 to 2.16.0, 3.0.0 to 3.7.16, 3.8.0 to 3.11.4, and 4.0.0 to 4.1.5. Fixed in versions 2.7.8, 3.7.17, 3.11.5, and 4.2.0.
CVE-2021-37613 1 Stormshield 1 Stormshield Network Security 2024-11-21 6.5 Medium
Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service.
CVE-2021-35957 1 Stormshield 1 Endpoint Security 2024-11-21 6.7 Medium
Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not accomplish the intended defense against local administrators who can replace the Visual C++ runtime DLLs (in %WINDIR%\system32) with malicious ones.
CVE-2021-31814 1 Stormshield 1 Stormshield Network Security 2024-11-21 6.1 Medium
In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL Client.
CVE-2021-31617 1 Stormshield 1 Stormshield Network Security 2024-11-21 9.8 Critical
In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution.
CVE-2021-31225 1 Stormshield 1 Endpoint Security 2024-11-21 7.3 High
SES Evolution before 2.1.0 allows deleting some resources not currently in use by any security policy by leveraging access to a computer having the administration console installed.