Vulnerabilities > Stormshield

DATE CVE VULNERABILITY TITLE RISK
2023-06-27 CVE-2023-35800 Incorrect Permission Assignment for Critical Resource vulnerability in Stormshield Endpoint Security
Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions.
network
low complexity
stormshield CWE-732
4.3
2023-05-31 CVE-2023-23562 Unspecified vulnerability in Stormshield Endpoint Security 2.3.0/2.3.2
Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control that allows an authenticated user can update global parameters.
network
low complexity
stormshield
4.3
2023-05-30 CVE-2023-23561 Unspecified vulnerability in Stormshield Endpoint Security 2.3.0/2.3.2
Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control: authenticated users can read sensitive information.
local
low complexity
stormshield
5.5
2023-03-01 CVE-2023-20032 Out-of-bounds Write vulnerability in multiple products
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write.
network
low complexity
cisco clamav stormshield CWE-787
critical
9.8
2023-03-01 CVE-2023-20052 XML Entity Expansion vulnerability in multiple products
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection.
network
low complexity
cisco clamav stormshield CWE-776
5.3
2023-02-08 CVE-2022-4304 Information Exposure Through Discrepancy vulnerability in multiple products
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack.
network
high complexity
openssl stormshield CWE-203
5.9
2023-02-08 CVE-2022-4450 Double Free vulnerability in multiple products
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g.
network
low complexity
openssl stormshield CWE-415
7.5
2023-02-08 CVE-2023-0215 Use After Free vulnerability in multiple products
The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO.
network
low complexity
openssl stormshield CWE-416
7.5
2023-02-08 CVE-2023-0216 NULL Pointer Dereference vulnerability in multiple products
An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a denial of service attack.
network
low complexity
openssl stormshield CWE-476
7.5
2023-02-08 CVE-2023-0286 Type Confusion vulnerability in multiple products
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName.
network
high complexity
openssl stormshield CWE-843
7.4