Vulnerabilities > Stormshield

DATE CVE VULNERABILITY TITLE RISK
2022-02-10 CVE-2021-37613 Unspecified vulnerability in Stormshield Network Security
Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service.
low complexity
stormshield
6.5
2022-02-10 CVE-2021-3398 Integer Overflow or Wraparound vulnerability in Stormshield Network Security
Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component.
network
low complexity
stormshield CWE-190
5.8
2022-01-31 CVE-2021-31617 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stormshield Network Security
In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution.
network
low complexity
stormshield CWE-119
critical
9.8
2022-01-31 CVE-2021-28962 Unspecified vulnerability in Stormshield Network Security
Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands.
network
low complexity
stormshield
7.2
2022-01-27 CVE-2021-28096 Allocation of Resources Without Limits or Throttling vulnerability in Stormshield Network Security
An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used).
network
low complexity
stormshield CWE-770
5.3
2022-01-17 CVE-2022-22703 Information Exposure Through Log Files vulnerability in Stormshield Network Security 2.0.0/3.0.0
In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer.
local
low complexity
stormshield CWE-532
5.5
2021-12-29 CVE-2021-45885 Insufficient Session Expiration vulnerability in Stormshield Network Security 4.2.2/4.2.3
An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8).
network
low complexity
stormshield CWE-613
7.5
2021-12-21 CVE-2021-45089 Unspecified vulnerability in Stormshield Endpoint Security
Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Control.
low complexity
stormshield
5.2
2021-12-21 CVE-2021-45090 Unspecified vulnerability in Stormshield Endpoint Security
Stormshield Endpoint Security before 2.1.2 allows remote code execution.
network
low complexity
stormshield
critical
9.8
2021-12-21 CVE-2021-45091 Unspecified vulnerability in Stormshield Endpoint Security 2.1.0/2.1.1
Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access Control.
network
low complexity
stormshield
4.3