Vulnerabilities > Stormshield > Medium

DATE CVE VULNERABILITY TITLE RISK

2022-07-14 CVE-2022-32213 HTTP Request Smuggling vulnerability in multiple products
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).
6.5

2022-07-14 CVE-2022-32214 HTTP Request Smuggling vulnerability in multiple products
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests.
network
low complexity
llhttp nodejs debian stormshield CWE-444
6.5

2022-07-14 CVE-2022-32215 HTTP Request Smuggling vulnerability in multiple products
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers.
6.5

2022-02-10 CVE-2021-31814 Missing Authentication for Critical Function vulnerability in Stormshield Network Security
In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL Client.
local
low complexity
stormshield CWE-306
6.1

2022-02-10 CVE-2021-37613 Unspecified vulnerability in Stormshield Network Security
Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service.
low complexity
stormshield
6.5

2022-02-10 CVE-2021-3398 Integer Overflow or Wraparound vulnerability in Stormshield Network Security
Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component.
network
low complexity
stormshield CWE-190
5.8

2022-01-27 CVE-2021-28096 Allocation of Resources Without Limits or Throttling vulnerability in Stormshield Network Security
An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used).
network
low complexity
stormshield CWE-770
5.3

2022-01-17 CVE-2022-22703 Information Exposure Through Log Files vulnerability in Stormshield Network Security 2.0.0/3.0.0
In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer.
local
low complexity
stormshield CWE-532
5.5

2021-12-21 CVE-2021-45089 Unspecified vulnerability in Stormshield Endpoint Security
Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Control.
low complexity
stormshield
5.2

2021-12-21 CVE-2021-45091 Unspecified vulnerability in Stormshield Endpoint Security 2.1.0/2.1.1
Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access Control.
network
low complexity
stormshield
4.3