Filtered by vendor Stormshield
Subscriptions
Total
57 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-45885 | 1 Stormshield | 1 Network Security | 2024-08-04 | 7.5 High |
An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password. | ||||
CVE-2021-45091 | 1 Stormshield | 1 Endpoint Security | 2024-08-04 | 4.3 Medium |
Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access Control. | ||||
CVE-2021-45090 | 1 Stormshield | 1 Endpoint Security | 2024-08-04 | 9.8 Critical |
Stormshield Endpoint Security before 2.1.2 allows remote code execution. | ||||
CVE-2021-45089 | 1 Stormshield | 1 Endpoint Security | 2024-08-04 | 5.2 Medium |
Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Control. | ||||
CVE-2021-37613 | 1 Stormshield | 1 Stormshield Network Security | 2024-08-04 | 6.5 Medium |
Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service. | ||||
CVE-2021-35957 | 1 Stormshield | 1 Endpoint Security | 2024-08-04 | 6.7 Medium |
Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not accomplish the intended defense against local administrators who can replace the Visual C++ runtime DLLs (in %WINDIR%\system32) with malicious ones. | ||||
CVE-2021-31814 | 1 Stormshield | 1 Stormshield Network Security | 2024-08-03 | 6.1 Medium |
In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL Client. | ||||
CVE-2021-31220 | 1 Stormshield | 1 Endpoint Security | 2024-08-03 | 5.2 Medium |
SES Evolution before 2.1.0 allows modifying security policies by leveraging access of a user having read-only access to security policies. | ||||
CVE-2021-31221 | 1 Stormshield | 1 Endpoint Security | 2024-08-03 | 5.7 Medium |
SES Evolution before 2.1.0 allows deleting some parts of a security policy by leveraging access to a computer having the administration console installed. | ||||
CVE-2021-31223 | 1 Stormshield | 1 Endpoint Security | 2024-08-03 | 5.7 Medium |
SES Evolution before 2.1.0 allows reading some parts of a security policy by leveraging access to a computer having the administration console installed. | ||||
CVE-2021-31222 | 1 Stormshield | 1 Endpoint Security | 2024-08-03 | 5.7 Medium |
SES Evolution before 2.1.0 allows updating some parts of a security policy by leveraging access to a computer having the administration console installed. | ||||
CVE-2021-31225 | 1 Stormshield | 1 Endpoint Security | 2024-08-03 | 7.3 High |
SES Evolution before 2.1.0 allows deleting some resources not currently in use by any security policy by leveraging access to a computer having the administration console installed. | ||||
CVE-2021-31224 | 1 Stormshield | 1 Endpoint Security | 2024-08-03 | 3.5 Low |
SES Evolution before 2.1.0 allows duplicating an existing security policy by leveraging access of a user having read-only access to security policies. | ||||
CVE-2021-28127 | 1 Stormshield | 1 Stormshield Network Security | 2024-08-03 | 7.5 High |
An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur. | ||||
CVE-2021-28096 | 1 Stormshield | 1 Stormshield Network Security | 2024-08-03 | 5.3 Medium |
An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can saturate the proxy connection table. This would result in the proxy denying any new connections. | ||||
CVE-2021-3398 | 1 Stormshield | 1 Stormshield Network Security | 2024-08-03 | 5.8 Medium |
Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component. | ||||
CVE-2022-40617 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-08-03 | 7.5 High |
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. | ||||
CVE-2022-37434 | 7 Apple, Debian, Fedoraproject and 4 more | 24 Ipados, Iphone Os, Macos and 21 more | 2024-08-03 | 9.8 Critical |
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). | ||||
CVE-2022-32215 | 7 Debian, Fedoraproject, Llhttp and 4 more | 9 Debian Linux, Fedora, Llhttp and 6 more | 2024-08-03 | 6.5 Medium |
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS). | ||||
CVE-2022-32213 | 7 Debian, Fedoraproject, Llhttp and 4 more | 9 Debian Linux, Fedora, Llhttp and 6 more | 2024-08-03 | 6.5 Medium |
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS). |