Vulnerabilities > Stormshield > Stormshield Management Center > High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-02-08	CVE-2023-0215	Use After Free vulnerability in multiple products The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. network low complexity openssl stormshield CWE-416	7.5
2023-02-08	CVE-2023-0216	NULL Pointer Dereference vulnerability in multiple products An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a denial of service attack. network low complexity openssl stormshield CWE-476	7.5
2023-02-08	CVE-2023-0286	Type Confusion vulnerability in multiple products There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. network high complexity openssl stormshield CWE-843	7.4
2023-02-08	CVE-2023-0401	NULL Pointer Dereference vulnerability in multiple products A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. network low complexity openssl stormshield CWE-476	7.5
2021-11-11	CVE-2002-20001	Resource Exhaustion vulnerability in multiple products The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. network low complexity balasys siemens suse f5 hpe stormshield CWE-400	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.