Filtered by vendor Stormshield Subscriptions
Total 57 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-31224 1 Stormshield 1 Endpoint Security 2024-11-21 3.5 Low
SES Evolution before 2.1.0 allows duplicating an existing security policy by leveraging access of a user having read-only access to security policies.
CVE-2021-31223 1 Stormshield 1 Endpoint Security 2024-11-21 5.7 Medium
SES Evolution before 2.1.0 allows reading some parts of a security policy by leveraging access to a computer having the administration console installed.
CVE-2021-31222 1 Stormshield 1 Endpoint Security 2024-11-21 5.7 Medium
SES Evolution before 2.1.0 allows updating some parts of a security policy by leveraging access to a computer having the administration console installed.
CVE-2021-31221 1 Stormshield 1 Endpoint Security 2024-11-21 5.7 Medium
SES Evolution before 2.1.0 allows deleting some parts of a security policy by leveraging access to a computer having the administration console installed.
CVE-2021-31220 1 Stormshield 1 Endpoint Security 2024-11-21 5.2 Medium
SES Evolution before 2.1.0 allows modifying security policies by leveraging access of a user having read-only access to security policies.
CVE-2021-28962 1 Stormshield 1 Stormshield Network Security 2024-11-21 7.2 High
Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands.
CVE-2021-28665 1 Stormshield 2 Network Security, Stormshield Network Security 2024-11-21 7.5 High
Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a denial of service.
CVE-2021-28127 1 Stormshield 1 Stormshield Network Security 2024-11-21 7.5 High
An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur.
CVE-2021-28096 1 Stormshield 1 Stormshield Network Security 2024-11-21 5.3 Medium
An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can saturate the proxy connection table. This would result in the proxy denying any new connections.
CVE-2021-27932 1 Stormshield 1 Ssl Vpn Client 2024-11-21 7.8 High
Stormshield Network Security (SNS) VPN SSL Client 2.1.0 through 2.8.0 has Insecure Permissions.
CVE-2021-27506 3 Clamav, Netasq Project, Stormshield 3 Clamav, Netasq, Stormshield Network Security 2024-11-21 5.5 Medium
The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1.
CVE-2020-8430 1 Stormshield 1 Stormshield Network Security 2024-11-21 6.1 Medium
Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=https://example.com in the query string.
CVE-2020-7466 2 Mpd Project, Stormshield 2 Mpd, Stormshield Network Security 2024-11-21 7.5 High
The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted PPP authentication message to cause the daemon to read beyond allocated memory buffer, which would result in a denial of service condition.
CVE-2020-7465 2 Mpd Project, Stormshield 2 Mpd, Stormshield Network Security 2024-11-21 9.8 Critical
The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption).
CVE-2020-11711 1 Stormshield 1 Stormshield Network Security 2024-11-21 4.8 Medium
An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim's browser. This results in a stored XSS on the authentication interface of the admin panel. Moreover, an unsecured authentication form is present on the authentication interface of the SSL VPN captive portal. Users are allowed to save their credentials inside the browser. If an administrator saves his credentials through this unsecured form, these credentials could be stolen via the stored XSS on the admin panel without user interaction. Another possible exploitation would be modification of the authentication form of the admin panel into a malicious form.
CVE-2018-20850 1 Stormshield 1 Stormshield Network Security 2024-11-21 N/A
Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server.
CVE-2002-20001 6 Balasys, F5, Hpe and 3 more 49 Dheater, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 46 more 2024-11-21 7.5 High
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.