Vulnerabilities > Stormshield
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-10 | CVE-2021-37613 | Unspecified vulnerability in Stormshield Network Security Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service. | 2.9 |
| 2022-02-10 | CVE-2021-3398 | Integer Overflow or Wraparound vulnerability in Stormshield Network Security Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component. | 5.0 |
| 2022-01-31 | CVE-2021-31617 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stormshield Network Security In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution. | 9.8 |
| 2022-01-31 | CVE-2021-28962 | Unspecified vulnerability in Stormshield Network Security Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands. | 7.2 |
| 2022-01-27 | CVE-2021-28096 | Allocation of Resources Without Limits or Throttling vulnerability in Stormshield Network Security An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). | 4.3 |
| 2022-01-17 | CVE-2022-22703 | Information Exposure Through Log Files vulnerability in Stormshield Network Security 2.0.0/3.0.0 In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer. | 2.1 |
| 2021-12-29 | CVE-2021-45885 | Insufficient Session Expiration vulnerability in Stormshield Network Security An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). | 4.3 |
| 2021-12-21 | CVE-2021-45089 | Unspecified vulnerability in Stormshield Endpoint Security 2.0.0/2.0.2/2.1.0 Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Control. | 2.3 |
| 2021-12-21 | CVE-2021-45090 | Unspecified vulnerability in Stormshield Endpoint Security 2.0.0/2.0.2/2.1.0 Stormshield Endpoint Security before 2.1.2 allows remote code execution. | 10.0 |
| 2021-12-21 | CVE-2021-45091 | Unspecified vulnerability in Stormshield Endpoint Security 2.1.0/2.1.1 Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access Control. | 4.0 |