Vulnerabilities > Stormshield > Stormshield Network Security > 3.0.1

DATE CVE VULNERABILITY TITLE RISK
2024-02-29 CVE-2023-34198 Unspecified vulnerability in Stormshield Network Security
In Stormshield Network Security (SNS) 1.0.0 through 3.7.36 before 3.7.37, 3.8.0 through 3.11.24 before 3.11.25, 4.0.0 through 4.3.18 before 4.3.19, 4.4.0 through 4.6.5 before 4.6.6, and 4.7.0 before 4.7.1, the usage of a Network object created from an inactive DHCP interface in the filtering slot results in the usage of an object of the :any" type, which may have unexpected results for access control.
network
low complexity
stormshield
7.3
2023-12-26 CVE-2023-28616 Cleartext Transmission of Sensitive Information vulnerability in Stormshield Network Security
An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1.
network
low complexity
stormshield CWE-319
7.5
2023-03-01 CVE-2023-20032 Out-of-bounds Write vulnerability in multiple products
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write.
network
low complexity
cisco clamav stormshield CWE-787
critical
9.8
2023-03-01 CVE-2023-20052 XML Entity Expansion vulnerability in multiple products
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection.
network
low complexity
cisco clamav stormshield CWE-776
5.3
2023-02-08 CVE-2022-4304 Information Exposure Through Discrepancy vulnerability in multiple products
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack.
network
high complexity
openssl stormshield CWE-203
5.9
2023-02-08 CVE-2023-0286 Type Confusion vulnerability in multiple products
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName.
network
high complexity
openssl stormshield CWE-843
7.4
2022-03-15 CVE-2022-23989 Unspecified vulnerability in Stormshield Network Security
In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface.
network
low complexity
stormshield
7.5
2022-02-10 CVE-2021-37613 Unspecified vulnerability in Stormshield Network Security
Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service.
low complexity
stormshield
6.5
2022-02-10 CVE-2021-3398 Integer Overflow or Wraparound vulnerability in Stormshield Network Security
Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component.
network
low complexity
stormshield CWE-190
5.8
2022-01-31 CVE-2021-31617 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stormshield Network Security
In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution.
network
low complexity
stormshield CWE-119
critical
9.8