Vulnerabilities > Stormshield > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-21 | CVE-2023-41166 | Unspecified vulnerability in Stormshield Network Security An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. | 5.3 |
| 2023-12-21 | CVE-2023-47093 | Unspecified vulnerability in Stormshield Network Security An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.21, 4.4.0 through 4.6.8, and 4.7.0. low complexity stormshield | 6.5 |
| 2023-08-28 | CVE-2022-46783 | Inadequate Encryption Strength vulnerability in Stormshield SSL VPN Client An issue was discovered in Stormshield SSL VPN Client before 3.2.0. | 5.3 |
| 2023-08-25 | CVE-2020-11711 | Cross-site Scripting vulnerability in Stormshield Network Security An issue was discovered in Stormshield SNS 3.8.0. | 4.8 |
| 2023-06-27 | CVE-2023-35799 | Incorrect Permission Assignment for Critical Resource vulnerability in Stormshield Endpoint Security Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. | 5.5 |
| 2023-06-27 | CVE-2023-35800 | Incorrect Permission Assignment for Critical Resource vulnerability in Stormshield Endpoint Security Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. | 4.3 |
| 2023-05-31 | CVE-2023-23562 | Unspecified vulnerability in Stormshield Endpoint Security Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control that allows an authenticated user can update global parameters. | 4.3 |
| 2023-05-30 | CVE-2023-23561 | Unspecified vulnerability in Stormshield Endpoint Security Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control: authenticated users can read sensitive information. | 5.5 |
| 2023-03-01 | CVE-2023-20052 | XML Entity Expansion vulnerability in multiple products On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. | 5.3 |
| 2023-02-08 | CVE-2022-4304 | Information Exposure Through Discrepancy vulnerability in multiple products A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. | 5.9 |