Vulnerabilities > Stormshield > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2023-12-26 | CVE-2023-28616 | Cleartext Transmission of Sensitive Information vulnerability in Stormshield Network Security | An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. | network, low complexity, stormshield, CWE-319, 7.5 |
| 2023-12-25 | CVE-2023-47091 | Classic Buffer Overflow vulnerability in Stormshield Network Security | An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through 4.6.9 before 4.6.10, and SNS 4.7.0 through 4.7.1 before 4.7.2. | network, low complexity, stormshield, CWE-120, 7.5 |
| 2023-08-28 | CVE-2023-26095 | Unspecified vulnerability in Stormshield Network Security | ASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16 and 4.6.x before 4.6.3 allows a crash when analysing a crafted SIP packet. | network, low complexity, stormshield, 7.5 |
| 2023-08-25 | CVE-2021-27932 | Unspecified vulnerability in Stormshield SSL VPN Client 2.1.0/3.0.0 | Stormshield Network Security (SNS) VPN SSL Client 2.1.0 through 2.8.0 has Insecure Permissions. | local, low complexity, stormshield, 7.8 |
| 2023-08-05 | CVE-2022-46782 | Unspecified vulnerability in Stormshield SSL VPN Client | An issue was discovered in Stormshield SSL VPN Client before 3.2.0. | local, low complexity, stormshield, 7.8 |
| 2023-02-08 | CVE-2022-4450 | Double Free vulnerability in multiple products | The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. | network, low complexity, openssl stormshield, CWE-415, 7.5 |
| 2023-02-08 | CVE-2023-0215 | Use After Free vulnerability in multiple products | The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. | network, low complexity, openssl stormshield, CWE-416, 7.5 |
| 2023-02-08 | CVE-2023-0216 | NULL Pointer Dereference vulnerability in multiple products | An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a denial of service attack. | network, low complexity, openssl stormshield, CWE-476, 7.5 |
| 2023-02-08 | CVE-2023-0286 | Type Confusion vulnerability in multiple products | There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. | network, high complexity, openssl stormshield, CWE-843, 7.4 |
| 2023-02-08 | CVE-2023-0401 | NULL Pointer Dereference vulnerability in multiple products | A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. | network, low complexity, openssl stormshield, CWE-476, 7.5 |