Vulnerabilities > Stormshield > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-21 | CVE-2021-45091 | Unspecified vulnerability in Stormshield Endpoint Security 2.1.0/2.1.1 Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access Control. | 4.0 |
| 2021-07-13 | CVE-2021-35957 | Uncontrolled Search Path Element vulnerability in Stormshield Endpoint Security Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not accomplish the intended defense against local administrators who can replace the Visual C++ runtime DLLs (in %WINDIR%\system32) with malicious ones. | 4.6 |
| 2021-07-13 | CVE-2021-31225 | Unspecified vulnerability in Stormshield Endpoint Security SES Evolution before 2.1.0 allows deleting some resources not currently in use by any security policy by leveraging access to a computer having the administration console installed. | 4.3 |
| 2021-07-01 | CVE-2021-28127 | Improper Restriction of Excessive Authentication Attempts vulnerability in Stormshield Network Security An issue was discovered in Stormshield SNS through 4.2.1. | 5.0 |
| 2021-05-06 | CVE-2021-28665 | Memory Leak vulnerability in Stormshield Network Security Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a denial of service. | 5.0 |
| 2021-03-19 | CVE-2021-27506 | The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. | 4.3 |
| 2021-03-02 | CVE-2021-3384 | Unspecified vulnerability in Stormshield Network Security A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts via IPv4 or IPv6. | 5.0 |
| 2020-04-13 | CVE-2020-8430 | Open Redirect vulnerability in Stormshield Network Security Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. | 5.8 |