Vulnerabilities > Stormshield
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-15 | CVE-2022-23989 | Unspecified vulnerability in Stormshield Network Security In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. | 7.5 |
| 2022-02-10 | CVE-2021-31814 | Missing Authentication for Critical Function vulnerability in Stormshield Network Security In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL Client. | 6.1 |
| 2022-02-10 | CVE-2021-37613 | Unspecified vulnerability in Stormshield Network Security Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service. low complexity stormshield | 6.5 |
| 2022-02-10 | CVE-2021-3398 | Integer Overflow or Wraparound vulnerability in Stormshield Network Security Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component. | 5.8 |
| 2022-01-31 | CVE-2021-31617 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stormshield Network Security In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution. | 9.8 |
| 2022-01-31 | CVE-2021-28962 | Unspecified vulnerability in Stormshield Network Security Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands. | 7.2 |
| 2022-01-27 | CVE-2021-28096 | Allocation of Resources Without Limits or Throttling vulnerability in Stormshield Network Security An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). | 5.3 |
| 2022-01-17 | CVE-2022-22703 | Information Exposure Through Log Files vulnerability in Stormshield Network Security 2.0.0/3.0.0 In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer. | 5.5 |
| 2021-12-29 | CVE-2021-45885 | Insufficient Session Expiration vulnerability in Stormshield Network Security 4.2.2/4.2.3 An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). | 7.5 |
| 2021-12-21 | CVE-2021-45089 | Unspecified vulnerability in Stormshield Endpoint Security Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Control. low complexity stormshield | 5.2 |