NotCVE - vendor:"Stormshield" product:"Stormshield Network Security" version:" >= 3.11.0

Page 2 of 14 results (0.005 seconds)

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0

CVE-2021-28096

https://notcve.org/view.php?id=CVE-2021-28096

27 Jan 2022 — An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can saturate the proxy connection table. This would result in the proxy denying any new connections. Se ha detectado un problema en Stormshield SNS versiones anteriores a 4.2.3 (cuando es usado el proxy). Un atacante puede saturar la tabla de conexiones del proxy. • https://advisories.stormshield.eu/2021-005 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 7.5EPSS: 4%CPEs: 60EXPL: 2

CVE-2002-20001

https://notcve.org/view.php?id=CVE-2002-20001

11 Nov 2021 — The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it c... • https://github.com/c0r0n3r/dheater • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2021-28127

https://notcve.org/view.php?id=CVE-2021-28127

01 Jul 2021 — An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur. Se ha detectado un problema en Stormshield SNS versiones hasta 4.2.1. Puede ocurrir un ataque de fuerza bruta • https://advisories.stormshield.eu • CWE-307: Improper Restriction of Excessive Authentication Attempts •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

CVE-2020-8430

https://notcve.org/view.php?id=CVE-2020-8430

13 Apr 2020 — Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=https://example.com in the query string. Los dispositivos Stormshield Network Security versión 310 3.7.10, presentan una vulnerabilidad de Redireccionamiento Abierto de auth/lang.html?rurl= en el portal cautivo. • https://advisories.stormshield.eu/2020-001 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

1 2