CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-26095
https://notcve.org/view.php?id=CVE-2023-26095
ASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16 and 4.6.x before 4.6.3 allows a crash when analysing a crafted SIP packet. • https://advisories.stormshield.eu/2023-007 •
CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-11711
https://notcve.org/view.php?id=CVE-2020-11711
An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim's browser. • https://advisories.stormshield.eu/2020-011 https://twitter.com/_ACKNAK_ https://www.digitemis.com/category/blog/actualite • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27932
https://notcve.org/view.php?id=CVE-2021-27932
Stormshield Network Security (SNS) VPN SSL Client 2.1.0 through 2.8.0 has Insecure Permissions. • https://advisories.stormshield.eu https://advisories.stormshield.eu/2021-004 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46782
https://notcve.org/view.php?id=CVE-2022-46782
An issue was discovered in Stormshield SSL VPN Client before 3.2.0. A logged-in user, able to only launch the VPNSSL Client, can use the OpenVPN instance to execute malicious code as administrator on the local machine. • https://advisories.stormshield.eu/2022-028 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35800
https://notcve.org/view.php?id=CVE-2023-35800
Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive users to read data, which could allow access to information reserved to administrators. • https://advisories.stormshield.eu https://advisories.stormshield.eu/2023-021 • CWE-732: Incorrect Permission Assignment for Critical Resource •