Vulnerabilities > Stormshield > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-31 | CVE-2022-40617 | Resource Exhaustion vulnerability in multiple products: strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. | 7.5 |
2022-08-24 | CVE-2022-27812 | Unspecified vulnerability in Stormshield Network Security: Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic, can lead to SNS DoS. | 7.5 |
2022-05-12 | CVE-2022-30279 | NULL Pointer Dereference vulnerability in Stormshield Network Security: An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. | 7.5 |
2022-03-15 | CVE-2022-23989 | Unspecified vulnerability in Stormshield Network Security: In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. | 7.5 |
2022-01-31 | CVE-2021-28962 | Unspecified vulnerability in Stormshield Network Security: Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands. | 7.2 |
2021-12-29 | CVE-2021-45885 | Insufficient Session Expiration vulnerability in Stormshield Network Security 4.2.2/4.2.3: An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). | 7.5 |
2021-11-11 | CVE-2002-20001 | Resource Exhaustion vulnerability in multiple products: The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. | 7.5 |
2021-07-13 | CVE-2021-31225 | Unspecified vulnerability in Stormshield Endpoint Security 2.0.0/2.0.2: SES Evolution before 2.1.0 allows deleting some resources not currently in use by any security policy by leveraging access to a computer having the administration console installed. | 7.3 |
2021-07-01 | CVE-2021-28127 | Improper Restriction of Excessive Authentication Attempts vulnerability in Stormshield Network Security: An issue was discovered in Stormshield SNS through 4.2.1. | 7.5 |
2021-05-06 | CVE-2021-28665 | Memory Leak vulnerability in Stormshield Network Security: Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a denial of service. | 7.5 |