Vulnerabilities > Stormshield
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-08 | CVE-2023-0401 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. | 7.5 |
| 2022-10-31 | CVE-2022-40617 | Resource Exhaustion vulnerability in multiple products strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. | 7.5 |
| 2022-08-24 | CVE-2022-27812 | Unspecified vulnerability in Stormshield Network Security Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic, can lead to SNS DoS. | 7.5 |
| 2022-08-05 | CVE-2022-37434 | Out-of-bounds Write vulnerability in multiple products zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. | 9.8 |
| 2022-07-14 | CVE-2022-32213 | HTTP Request Smuggling vulnerability in multiple products The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS). | 6.5 |
| 2022-07-14 | CVE-2022-32214 | HTTP Request Smuggling vulnerability in multiple products The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. | 6.5 |
| 2022-07-14 | CVE-2022-32215 | HTTP Request Smuggling vulnerability in multiple products The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. | 6.5 |
| 2022-05-12 | CVE-2022-30279 | NULL Pointer Dereference vulnerability in Stormshield Network Security An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. | 7.5 |
| 2022-03-15 | CVE-2022-23989 | Unspecified vulnerability in Stormshield Network Security In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. | 7.5 |
| 2022-02-10 | CVE-2021-31814 | Missing Authentication for Critical Function vulnerability in Stormshield Network Security In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL Client. | 6.1 |