Vulnerabilities > Stormshield > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-12-21 CVE-2023-41166 Unspecified vulnerability in Stormshield Network Security
An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1.
network
low complexity
stormshield
5.3
2023-12-21 CVE-2023-47093 Unspecified vulnerability in Stormshield Network Security
An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.21, 4.4.0 through 4.6.8, and 4.7.0.
low complexity
stormshield
6.5
2023-08-28 CVE-2022-46783 Inadequate Encryption Strength vulnerability in Stormshield SSL VPN Client
An issue was discovered in Stormshield SSL VPN Client before 3.2.0.
network
low complexity
stormshield CWE-326
5.3
2023-08-25 CVE-2020-11711 Cross-site Scripting vulnerability in Stormshield Network Security
An issue was discovered in Stormshield SNS 3.8.0.
network
low complexity
stormshield CWE-79
4.8
2023-06-27 CVE-2023-35799 Incorrect Permission Assignment for Critical Resource vulnerability in Stormshield Endpoint Security
Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions.
local
low complexity
stormshield CWE-732
5.5
2023-06-27 CVE-2023-35800 Incorrect Permission Assignment for Critical Resource vulnerability in Stormshield Endpoint Security
Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions.
network
low complexity
stormshield CWE-732
4.3
2023-05-31 CVE-2023-23562 Unspecified vulnerability in Stormshield Endpoint Security 2.3.0/2.3.2
Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control that allows an authenticated user can update global parameters.
network
low complexity
stormshield
4.3
2023-05-30 CVE-2023-23561 Unspecified vulnerability in Stormshield Endpoint Security 2.3.0/2.3.2
Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control: authenticated users can read sensitive information.
local
low complexity
stormshield
5.5
2023-03-01 CVE-2023-20052 XML Entity Expansion vulnerability in multiple products
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection.
network
low complexity
cisco clamav stormshield CWE-776
5.3
2023-02-08 CVE-2022-4304 Information Exposure Through Discrepancy vulnerability in multiple products
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack.
network
high complexity
openssl stormshield CWE-203
5.9