Vulnerabilities > Stonesoft

DATE	CVE	VULNERABILITY TITLE	RISK
2009-12-04	CVE-2009-2631	Permissions, Privileges, and Access Controls vulnerability in multiple products Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in configurations that do not restrict access to the same domain as the VPN, retrieve the content of remote URLs from one domain and rewrite them so they originate from the VPN's domain, which violates the same origin policy and allows remote attackers to conduct cross-site scripting attacks, read cookies that originated from other domains, access the Web VPN session to gain access to internal resources, perform key logging, and conduct other attacks. network aladdin cisco sonicwall stonesoft CWE-264	6.8
2007-11-01	CVE-2007-5793	Unspecified vulnerability in Stonesoft Stonegate IPS Stonesoft StoneGate IPS before 4.0 does not properly decode Fullwidth/Halfwidth Unicode encoded data, which makes it easier for remote attackers to scan or penetrate systems and avoid detection. network stonesoft	7.1
2005-11-18	CVE-2005-3672	Multiple Unspecified vulnerability in Stonesoft StoneGate Firewall/VPN Client IKEv1 Traffic The Internet Key Exchange version 1 (IKEv1) implementation in Stonesoft StoneGate Firewall before 2.6.1 allows remote attackers to cause a denial of service via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. network low complexity stonesoft	5.0
2004-12-31	CVE-2004-0498	Denial-Of-Service vulnerability in Firewall Engine The H.323 protocol agent in StoneSoft firewall engine 2.2.8 and earlier allows remote attackers to cause a denial of service (crash) via crafted H.323 packets. network low complexity stonesoft	5.0
2004-11-23	CVE-2004-0081	OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. network low complexity cisco symantec hp avaya freebsd openbsd redhat sco apple 4d checkpoint lite neoteris novell openssl sgi stonesoft vmware bluecoat securecomputing dell tarantella sun	5.0
2004-11-23	CVE-2004-0079	NULL Pointer Dereference vulnerability in multiple products The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. network low complexity cisco symantec hp avaya redhat freebsd openbsd apple sco 4d checkpoint dell lite neoteris novell openssl sgi stonesoft tarantella vmware bluecoat securecomputing sun CWE-476	7.5

Vulnerabilities > Stonesoft {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Stonesoft"}]}

Vulnerabilities > Stonesoft