Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Stormshield_network_security
(Stormshield)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 33 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-01-27 | CVE-2021-28096 | An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can saturate the proxy connection table. This would result in the proxy denying any new connections. | Stormshield_network_security | 5.3 | ||
| 2022-01-31 | CVE-2021-28962 | Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands. | Stormshield_network_security | 7.2 | ||
| 2022-01-31 | CVE-2021-31617 | In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution. | Stormshield_network_security | 9.8 | ||
| 2022-02-10 | CVE-2021-31814 | In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL Client. | Stormshield_network_security | 6.1 | ||
| 2022-02-10 | CVE-2021-37613 | Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service. | Stormshield_network_security | 6.5 | ||
| 2022-02-10 | CVE-2021-3398 | Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component. | Stormshield_network_security | 5.8 | ||
| 2022-03-15 | CVE-2022-23989 | In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all network traffic, making the firewall unreachable. An attacker could exploit this via forged and properly timed traffic to cause a denial of service. | Stormshield_network_security | 7.5 | ||
| 2022-05-12 | CVE-2022-30279 | An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. The event logging of the ASQ sofbus lacbus plugin triggers the dereferencing of a NULL pointer, leading to a crash of SNS. An attacker could exploit this vulnerability via forged sofbus lacbus traffic to cause a firmware crash. | Stormshield_network_security | 7.5 | ||
| 2022-08-24 | CVE-2022-27812 | Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic, can lead to SNS DoS. | Stormshield_network_security | 7.5 | ||
| 2022-10-31 | CVE-2022-40617 | strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. | Ubuntu_linux, Debian_linux, Fedora, Stormshield_network_security, Strongswan | 7.5 |