Vulnerabilities > Stormshield
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-27 | CVE-2023-35800 | Incorrect Permission Assignment for Critical Resource vulnerability in Stormshield Endpoint Security Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. | 4.3 |
| 2023-05-31 | CVE-2023-23562 | Unspecified vulnerability in Stormshield Endpoint Security Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control that allows an authenticated user can update global parameters. | 4.3 |
| 2023-05-30 | CVE-2023-23561 | Unspecified vulnerability in Stormshield Endpoint Security Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control: authenticated users can read sensitive information. | 5.5 |
| 2023-03-01 | CVE-2023-20032 | Out-of-bounds Write vulnerability in multiple products On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. | 9.8 |
| 2023-03-01 | CVE-2023-20052 | XML Entity Expansion vulnerability in multiple products On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. | 5.3 |
| 2023-02-08 | CVE-2022-4304 | Information Exposure Through Discrepancy vulnerability in multiple products A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. | 5.9 |
| 2023-02-08 | CVE-2022-4450 | Double Free vulnerability in multiple products The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. | 7.5 |
| 2023-02-08 | CVE-2023-0215 | Use After Free vulnerability in multiple products The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. | 7.5 |
| 2023-02-08 | CVE-2023-0216 | NULL Pointer Dereference vulnerability in multiple products An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a denial of service attack. | 7.5 |
| 2023-02-08 | CVE-2023-0286 | Type Confusion vulnerability in multiple products There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. | 7.4 |