Vulnerabilities > Stormshield

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2021-11-11 | CVE-2002-20001 | Resource Exhaustion vulnerability in multiple products | The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. | network; low complexity; balasys siemens suse f5 hpe stormshield CWE-400 | 7.5 |
| 2021-07-13 | CVE-2021-31220 | Unspecified vulnerability in Stormshield Endpoint Security 2.0.0/2.0.2 | SES Evolution before 2.1.0 allows modifying security policies by leveraging access of a user having read-only access to security policies. | low complexity; stormshield | 5.2 |
| 2021-07-13 | CVE-2021-31221 | Unspecified vulnerability in Stormshield Endpoint Security 2.0.0/2.0.2 | SES Evolution before 2.1.0 allows deleting some parts of a security policy by leveraging access to a computer having the administration console installed. | low complexity; stormshield | 5.7 |
| 2021-07-13 | CVE-2021-31222 | Unspecified vulnerability in Stormshield Endpoint Security 2.0.0/2.0.2 | SES Evolution before 2.1.0 allows updating some parts of a security policy by leveraging access to a computer having the administration console installed. | low complexity; stormshield | 5.7 |
| 2021-07-13 | CVE-2021-31223 | Unspecified vulnerability in Stormshield Endpoint Security 2.0.0/2.0.2 | SES Evolution before 2.1.0 allows reading some parts of a security policy by leveraging access to a computer having the administration console installed. | low complexity; stormshield | 5.7 |
| 2021-07-13 | CVE-2021-31224 | Unspecified vulnerability in Stormshield Endpoint Security 2.0.0/2.0.2 | SES Evolution before 2.1.0 allows duplicating an existing security policy by leveraging access of a user having read-only access to security policies. | low complexity; stormshield | 3.5 |
| 2021-07-13 | CVE-2021-35957 | Uncontrolled Search Path Element vulnerability in Stormshield Endpoint Security 2.0.0/2.0.2 | Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not accomplish the intended defense against local administrators who can replace the Visual C++ runtime DLLs (in %WINDIR%\system32) with malicious ones. | local; low complexity; stormshield CWE-427 | 6.7 |
| 2021-07-13 | CVE-2021-31225 | Unspecified vulnerability in Stormshield Endpoint Security 2.0.0/2.0.2 | SES Evolution before 2.1.0 allows deleting some resources not currently in use by any security policy by leveraging access to a computer having the administration console installed. | low complexity; stormshield | 7.3 |
| 2021-07-01 | CVE-2021-28127 | Improper Restriction of Excessive Authentication Attempts vulnerability in Stormshield Network Security | An issue was discovered in Stormshield SNS through 4.2.1. | network; low complexity; stormshield CWE-307 | 7.5 |
| 2021-05-06 | CVE-2021-28665 | Memory Leak vulnerability in Stormshield Network Security and Stormshield Network Security | Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a denial of service. | network; low complexity; stormshield CWE-401 | 7.5 |