Latest stormshield stormshield network security Vulnerabilities

CVE-2023-41166
An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if...
Stormshield Stormshield Network Security>=3.7.0<=3.7.39
Stormshield Stormshield Network Security>=3.11.0<=3.11.27
Stormshield Stormshield Network Security>=4.3.0<4.3.23
Stormshield Stormshield Network Security>=4.6.0<4.6.10
Stormshield Stormshield Network Security>=4.7.0<4.7.2
CVE-2023-47093
An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.21, 4.4.0 through 4.6.8, and 4.7.0. Sending a crafted ICMP packet may lead to a crash of the ASQ engine.
Stormshield Stormshield Network Security>=4.0.0<4.3.22
Stormshield Stormshield Network Security>=4.4.0<4.6.9
Stormshield Stormshield Network Security=4.7.0
CVE-2020-11711
An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel....
Stormshield Stormshield Network Security>=3.6.0<3.7.13
Stormshield Stormshield Network Security>=3.8.0<3.11.0
Stormshield Stormshield Network Security>=4.0.0<4.1.1
CVE-2023-20052
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0....
Cisco Secure Endpoint<1.20.2
Cisco Secure Endpoint<1.21.1
Cisco Secure Endpoint<7.5.9
Cisco Secure Endpoint>=8.0.1.21160<8.1.5
Cisco Secure Endpoint Private Cloud<3.6.0
Clamav Clamav<=0.103.7
and 8 more
CVE-2023-20032
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earl...
Cisco Secure Endpoint<1.20.2
Cisco Secure Endpoint<1.21.1
Cisco Secure Endpoint<7.5.9
Cisco Secure Endpoint>=8.0.1.21160<8.1.5
Cisco Secure Endpoint Private Cloud<3.6.0
Cisco Web Security Appliance<12.5.6
and 12 more
CVE-2022-4450
Double free after calling PEM_read_bio_ex
redhat/jbcs-httpd24-openssl<1:1.1.1k-14.el8
redhat/jbcs-httpd24-openssl<1:1.1.1k-14.el7
redhat/edk2<0:20220126gitbb1bba3d77-4.el8
redhat/openssl<1:1.1.1k-9.el8_7
redhat/openssl<1:1.1.1k-9.el8_6
redhat/openssl<1:3.0.1-47.el9_1
and 24 more
CVE-2022-4304
Timing Oracle in RSA Decryption
redhat/jbcs-httpd24-openssl<1:1.1.1k-14.el8
redhat/jbcs-httpd24-openssl<1:1.1.1k-14.el7
redhat/edk2<0:20220126gitbb1bba3d77-4.el8
redhat/openssl<1:1.1.1k-9.el8_7
redhat/edk2<0:20220126gitbb1bba3d77-2.el8_6.1
redhat/openssl<1:1.1.1k-9.el8_6
and 31 more
CVE-2023-0286
X.400 address type confusion in X.509 GeneralName
redhat/jbcs-httpd24-openssl<1:1.1.1k-14.el8
redhat/jbcs-httpd24-openssl<1:1.1.1k-14.el7
redhat/openssl<0:1.0.1e-61.el6_10
redhat/openssl<1:1.0.2k-26.el7_9
redhat/edk2<0:20220126gitbb1bba3d77-4.el8
redhat/openssl<1:1.1.1k-9.el8_7
and 40 more
CVE-2022-40617
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL tha...
Strongswan Strongswan<5.9.8
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
Canonical Ubuntu Linux=22.04
and 6 more
CVE-2022-37434
A security vulnerability was found in zlib. The flaw triggered a heap-based buffer in inflate in the inflate.c function via a large gzip header extra field. This flaw is only applicable in the call in...
redhat/zlib<0:1.2.7-21.el7_9
redhat/zlib<0:1.2.11-19.el8_6
redhat/rsync<0:3.1.3-19.el8
redhat/zlib<0:1.2.11-32.el9_0
redhat/rsync<0:3.2.3-18.el9
debian/zlib<=1:1.2.11.dfsg-1<=1:1.2.11.dfsg-4<=1:1.2.11.dfsg-2+deb11u1
and 63 more
CVE-2021-3398
Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component.
Stormshield Stormshield Network Security>=3.0.0<=3.7.24
Stormshield Stormshield Network Security>=3.8.0<=3.11.12
CVE-2021-31814
In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL Client.
Stormshield Stormshield Network Security>=2.1.0<=2.9.0
Stormshield Stormshield Network Security=1.1.0
CVE-2021-37613
Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service.
Stormshield Stormshield Network Security>=1.0.0<=1.6.1
Stormshield Stormshield Network Security>=2.0.0<=2.7.8
Stormshield Stormshield Network Security>=2.8.0<=2.16.0
Stormshield Stormshield Network Security>=3.0.0<=3.7.24
Stormshield Stormshield Network Security>3.8.0<=3.11.12
Stormshield Stormshield Network Security>4.0.0<=4.2.7
CVE-2002-20001
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-expo...
Balasys Dheater
SUSE Linux Enterprise Server=15
SUSE Linux Enterprise Server=11
SUSE Linux Enterprise Server=12
F5 BIG-IQ Centralized Management=7.1.0
F5 BIG-IQ Centralized Management>=8.0.0<=8.2.0
and 80 more
CVE-2021-28127
Stormshield Stormshield Network Security>=2.0.0<=2.7.9
Stormshield Stormshield Network Security>=2.8.0<=2.16.0
Stormshield Stormshield Network Security>=3.0.0<=3.7.19
Stormshield Stormshield Network Security>=3.8.0<=3.11.7
Stormshield Stormshield Network Security>=4.0.0<=4.1.5
Stormshield Stormshield Network Security=4.2.1
CVE-2020-7466
The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted PPP authentication message to cause the daemon to read beyond allocated memory buffer, which would r...
Mpd Project Mpd<5.9
Stormshield Stormshield Network Security>=4.0.0<4.3.17
Stormshield Stormshield Network Security=4.4.0
CVE-2020-7465
The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of servic...
Mpd Project Mpd<5.9
Stormshield Stormshield Network Security>=4.0.0<4.3.17
Stormshield Stormshield Network Security=4.4.0
CVE-2020-8430
Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=htt...
Stormshield Stormshield Network Security>=3.0.0<=3.7.10
Stormshield Stormshield Network Security>=3.8.0<=3.10.0
Stormshield Stormshield Network Security>=4.0.0<=4.0.1
CVE-2018-20850
Stormshield Stormshield Network Security>=2.0.0<=2.13.0
Stormshield Stormshield Network Security>=3.0.0<=3.7.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203