Vulnerabilities > Stormshield > Stormshield Network Security > 3.7.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-15 | CVE-2022-23989 | Unspecified vulnerability in Stormshield Network Security In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. | 7.5 |
| 2022-02-10 | CVE-2021-37613 | Unspecified vulnerability in Stormshield Network Security Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service. low complexity stormshield | 6.5 |
| 2022-02-10 | CVE-2021-3398 | Integer Overflow or Wraparound vulnerability in Stormshield Network Security Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component. | 5.8 |
| 2022-01-31 | CVE-2021-31617 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stormshield Network Security In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution. | 9.8 |
| 2022-01-31 | CVE-2021-28962 | Unspecified vulnerability in Stormshield Network Security Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands. | 7.2 |
| 2021-11-11 | CVE-2002-20001 | Resource Exhaustion vulnerability in multiple products The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. | 7.5 |
| 2021-07-01 | CVE-2021-28127 | Improper Restriction of Excessive Authentication Attempts vulnerability in Stormshield Network Security An issue was discovered in Stormshield SNS through 4.2.1. | 7.5 |
| 2021-03-19 | CVE-2021-27506 | The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. | 5.5 |
| 2021-03-02 | CVE-2021-3384 | Unspecified vulnerability in Stormshield Network Security A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts via IPv4 or IPv6. | 5.3 |
| 2020-04-13 | CVE-2020-8430 | Open Redirect vulnerability in Stormshield Network Security Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. | 6.1 |