Vulnerabilities > Stormshield > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-07-13 CVE-2021-31220 Unspecified vulnerability in Stormshield Endpoint Security 2.0.0/2.0.2
SES Evolution before 2.1.0 allows modifying security policies by leveraging access of a user having read-only access to security policies.
low complexity
stormshield
5.2
2021-07-13 CVE-2021-31221 Unspecified vulnerability in Stormshield Endpoint Security 2.0.0/2.0.2
SES Evolution before 2.1.0 allows deleting some parts of a security policy by leveraging access to a computer having the administration console installed.
low complexity
stormshield
5.7
2021-07-13 CVE-2021-31222 Unspecified vulnerability in Stormshield Endpoint Security 2.0.0/2.0.2
SES Evolution before 2.1.0 allows updating some parts of a security policy by leveraging access to a computer having the administration console installed.
low complexity
stormshield
5.7
2021-07-13 CVE-2021-31223 Unspecified vulnerability in Stormshield Endpoint Security 2.0.0/2.0.2
SES Evolution before 2.1.0 allows reading some parts of a security policy by leveraging access to a computer having the administration console installed.
low complexity
stormshield
5.7
2021-07-13 CVE-2021-35957 Uncontrolled Search Path Element vulnerability in Stormshield Endpoint Security 2.0.0/2.0.2
Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not accomplish the intended defense against local administrators who can replace the Visual C++ runtime DLLs (in %WINDIR%\system32) with malicious ones.
local
low complexity
stormshield CWE-427
6.7
2021-03-19 CVE-2021-27506 The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files.
local
low complexity
netasq-project stormshield clamav
5.5
2021-03-02 CVE-2021-3384 Unspecified vulnerability in Stormshield Network Security
A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts via IPv4 or IPv6.
network
low complexity
stormshield
5.3
2020-04-13 CVE-2020-8430 Open Redirect vulnerability in Stormshield Network Security
Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal.
network
low complexity
stormshield CWE-601
6.1