Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Endpoint_security
(Stormshield)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 15 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-02-08 | CVE-2022-4304 | A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master... | Openssl, Endpoint_security, Sslvpn, Stormshield_network_security | 5.9 | ||
| 2023-05-30 | CVE-2023-23561 | Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control: authenticated users can read sensitive information. | Endpoint_security | 5.5 | ||
| 2023-05-31 | CVE-2023-23562 | Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control that allows an authenticated user can update global parameters. | Endpoint_security | 4.3 | ||
| 2021-07-13 | CVE-2021-31225 | SES Evolution before 2.1.0 allows deleting some resources not currently in use by any security policy by leveraging access to a computer having the administration console installed. | Endpoint_security | 7.3 | ||
| 2021-07-13 | CVE-2021-31220 | SES Evolution before 2.1.0 allows modifying security policies by leveraging access of a user having read-only access to security policies. | Endpoint_security | 5.2 |