Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Stormshield_network_security
(Stormshield)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 20 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-02-10 | CVE-2021-31814 | In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL Client. | Stormshield_network_security | 6.1 | ||
2020-10-06 | CVE-2020-7465 | The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption). | Mpd, Stormshield_network_security | 9.8 | ||
2020-10-06 | CVE-2020-7466 | The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted PPP authentication message to cause the daemon to read beyond allocated memory buffer, which would result in a denial of service condition. | Mpd, Stormshield_network_security | 7.5 | ||
2022-08-05 | CVE-2022-37434 | zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). | Ipados, Iphone_os, Macos, Watchos, Debian_linux, Fedora, Active_iq_unified_manager, H300s_firmware, H500s_firmware, H700s_firmware, Hci, Hci_compute_node, Management_services_for_element_software, Oncommand_workflow_automation, Ontap_select_deploy_administration_utility, Storagegrid, Stormshield_network_security, Zlib | 9.8 | ||
2022-02-10 | CVE-2021-3398 | Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component. | Stormshield_network_security | 5.8 | ||
2022-02-10 | CVE-2021-37613 | Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service. | Stormshield_network_security | 6.5 | ||
2022-01-27 | CVE-2021-28096 | An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can saturate the proxy connection table. This would result in the proxy denying any new connections. | Stormshield_network_security | 5.3 | ||
2021-07-01 | CVE-2021-28127 | An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur. | Stormshield_network_security | 7.5 | ||
2020-04-13 | CVE-2020-8430 | Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=https://example.com in the query string. | Stormshield_network_security | 6.1 | ||
2019-07-04 | CVE-2018-20850 | Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server. | Stormshield_network_security | 8.2 |