Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Stormshield_network_security
(Stormshield)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 35 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-02-10 | CVE-2021-37613 | Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service. | Stormshield_network_security | 6.5 | ||
| 2022-02-10 | CVE-2021-3398 | Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component. | Stormshield_network_security | 5.8 | ||
| 2022-03-15 | CVE-2022-23989 | In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all network traffic, making the firewall unreachable. An attacker could exploit this via forged and properly timed traffic to cause a denial of service. | Stormshield_network_security | 7.5 | ||
| 2022-05-12 | CVE-2022-30279 | An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. The event logging of the ASQ sofbus lacbus plugin triggers the dereferencing of a NULL pointer, leading to a crash of SNS. An attacker could exploit this vulnerability via forged sofbus lacbus traffic to cause a firmware crash. | Stormshield_network_security | 7.5 | ||
| 2022-08-24 | CVE-2022-27812 | Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic, can lead to SNS DoS. | Stormshield_network_security | 7.5 | ||
| 2023-03-01 | CVE-2023-20032 | On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+... | Secure_endpoint, Secure_endpoint_private_cloud, Web_security_appliance, Clamav, Stormshield_network_security | 9.8 | ||
| 2023-03-01 | CVE-2023-20052 | On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting... | Secure_endpoint, Secure_endpoint_private_cloud, Clamav, Stormshield_network_security | 5.3 | ||
| 2023-08-28 | CVE-2023-26095 | ASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16 and 4.6.x before 4.6.3 allows a crash when analysing a crafted SIP packet. | Stormshield_network_security | 7.5 | ||
| 2023-12-21 | CVE-2023-41166 | An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access commands. | Stormshield_network_security | 5.3 | ||
| 2023-12-21 | CVE-2023-47093 | An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.21, 4.4.0 through 4.6.8, and 4.7.0. Sending a crafted ICMP packet may lead to a crash of the ASQ engine. | Stormshield_network_security | 6.5 |