Vulnerabilities > Stormshield

DATE CVE VULNERABILITY TITLE RISK
2021-03-19 CVE-2021-27506 The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files.
local
low complexity
netasq-project stormshield clamav
5.5
2021-03-02 CVE-2021-3384 Unspecified vulnerability in Stormshield Network Security
A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts via IPv4 or IPv6.
network
low complexity
stormshield
5.3
2020-10-06 CVE-2020-7466 Out-of-bounds Read vulnerability in multiple products
The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted PPP authentication message to cause the daemon to read beyond allocated memory buffer, which would result in a denial of service condition.
network
low complexity
mpd-project stormshield CWE-125
7.5
2020-10-06 CVE-2020-7465 Out-of-bounds Write vulnerability in multiple products
The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption).
network
low complexity
mpd-project stormshield CWE-787
critical
9.8
2020-04-13 CVE-2020-8430 Open Redirect vulnerability in Stormshield Network Security
Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal.
network
low complexity
stormshield CWE-601
6.1
2019-07-04 CVE-2018-20850 Cross-site Scripting vulnerability in Stormshield Network Security
Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server.
local
low complexity
stormshield CWE-79
8.2