Vulnerabilities > Stormshield > High

DATE CVE VULNERABILITY TITLE RISK
2022-10-31 CVE-2022-40617 Resource Exhaustion vulnerability in multiple products
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.
7.5
2022-08-24 CVE-2022-27812 Unspecified vulnerability in Stormshield Network Security
Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic, can lead to SNS DoS.
network
low complexity
stormshield
7.5
2022-05-12 CVE-2022-30279 NULL Pointer Dereference vulnerability in Stormshield Network Security
An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8.
network
low complexity
stormshield CWE-476
7.5
2022-03-15 CVE-2022-23989 Unspecified vulnerability in Stormshield Network Security
In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface.
network
low complexity
stormshield
7.5
2022-01-31 CVE-2021-28962 Unspecified vulnerability in Stormshield Network Security
Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands.
network
low complexity
stormshield
7.2
2021-12-29 CVE-2021-45885 Insufficient Session Expiration vulnerability in Stormshield Network Security 4.2.2/4.2.3
An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8).
network
low complexity
stormshield CWE-613
7.5
2021-11-11 CVE-2002-20001 Resource Exhaustion vulnerability in multiple products
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack.
network
low complexity
balasys siemens suse f5 hpe stormshield CWE-400
7.5
2021-07-13 CVE-2021-31225 Unspecified vulnerability in Stormshield Endpoint Security 2.0.0/2.0.2
SES Evolution before 2.1.0 allows deleting some resources not currently in use by any security policy by leveraging access to a computer having the administration console installed.
low complexity
stormshield
7.3
2021-07-01 CVE-2021-28127 Improper Restriction of Excessive Authentication Attempts vulnerability in Stormshield Network Security
An issue was discovered in Stormshield SNS through 4.2.1.
network
low complexity
stormshield CWE-307
7.5
2021-05-06 CVE-2021-28665 Memory Leak vulnerability in Stormshield Network Security and Stormshield Network Security
Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a denial of service.
network
low complexity
stormshield CWE-401
7.5