Vulnerabilities > Stormshield > Stormshield Network Security > 4.1.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-31 | CVE-2021-28962 | Unspecified vulnerability in Stormshield Network Security Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands. | 7.2 |
| 2022-01-27 | CVE-2021-28096 | Allocation of Resources Without Limits or Throttling vulnerability in Stormshield Network Security An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). | 5.3 |
| 2021-11-11 | CVE-2002-20001 | Resource Exhaustion vulnerability in multiple products The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. | 7.5 |
| 2021-03-19 | CVE-2021-27506 | The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. | 5.5 |
| 2020-10-06 | CVE-2020-7466 | Out-of-bounds Read vulnerability in multiple products The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted PPP authentication message to cause the daemon to read beyond allocated memory buffer, which would result in a denial of service condition. | 7.5 |
| 2020-10-06 | CVE-2020-7465 | Out-of-bounds Write vulnerability in multiple products The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption). | 9.8 |