CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-28616
https://notcve.org/view.php?id=CVE-2023-28616
26 Dec 2023 — An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component. Se descubrió un problema en Stormshield Network Security (SNS) anterior a 4.3.17, 4.4.x a 4.6.x anterior a 4.6.4 y 4.7.x anterior a 4.7.1. Afecta a las cuentas de usuario cuya co... • https://advisories.stormshield.eu/2023-006 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-27812
https://notcve.org/view.php?id=CVE-2022-27812
24 Aug 2022 — Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic, can lead to SNS DoS. Inundar las versiones 3.7.0 a 3.7.29, 3.11.0 a 3.11.17, 4.2.0 a 4.2.10, y 4.3.0 a 4.3.6 del cortafuegos SNS con tráfico forjado específico, puede conducir a un DoS SNS • https://advisories.stormshield.eu/2022-009 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-23989
https://notcve.org/view.php?id=CVE-2022-23989
15 Mar 2022 — In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all network traffic, making the firewall unreachable. An attacker could exploit this via forged and properly timed traffic to cause a denial of service. En Stormshield Network Security (SNS) antes de la versión 3.7.25, de la 3.8.x a la 3.... • https://advisories.stormshield.eu/2022-003 •
CVSS: 9.8EPSS: 3%CPEs: 4EXPL: 0CVE-2021-31617
https://notcve.org/view.php?id=CVE-2021-31617
31 Jan 2022 — In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution. En ASQ en Stormshield Network Security (SNS) versiones 1.0.0 hasta 2.7.8, 2.8.0 hasta 2.16.0, 3.0.0 hasta 3.7.20, 3.8.0 hasta 3.11.8, y 4.0.1 hasta 4.2.2, un manejo inapropiado de la memoria puede conllevar a una ejecución de código remota • https://advisories.stormshield.eu • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2021-28962
https://notcve.org/view.php?id=CVE-2021-28962
31 Jan 2022 — Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands. Stormshield Network Security (SNS) versiones anteriores a 4.2.2, permite que un administrador de sólo lectura obtenga privilegios por medio de comandos CLI • https://advisories.stormshield.eu •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22703
https://notcve.org/view.php?id=CVE-2022-22703
17 Jan 2022 — In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer. En Stormshield SSO Agent 2.x versiones anteriores a 2.1.1 y versiones 3.x anteriores a 3.0.2, la contraseña de usuario en texto sin cifrar y el PSK están contenidos en el archivo de registro del instalador .exe • https://advisories.stormshield.eu/2022-001 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-28665
https://notcve.org/view.php?id=CVE-2021-28665
06 May 2021 — Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a denial of service. Stormshield SNS con versiones anteriores a 3.7.18, 3.11.6 y 4.1.6, presenta un fallo de administración de la memoria en el plugin SNMP que puede conllevar a un consumo excesivo de la memoria y recursos de CPU, y posiblemente a una denegación de servicio • https://advisories-admin.stormshield.eu/2021-014 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-27506
https://notcve.org/view.php?id=CVE-2021-27506
19 Mar 2021 — The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1. El componente ClamAV Engine (versión 0.103.1 e inferior) incrustado en Storsmshield Network Security (SNS) está sujeto a DoS en caso de analizar archivos png malformados. Esto afecta a las versiones 9.1.0 a 9.1.11 de ... • https://advisories.stormshield.eu/2021-003 •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-3384
https://notcve.org/view.php?id=CVE-2021-3384
02 Mar 2021 — A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts via IPv4 or IPv6. This affects versions 2.0.0 to 2.7.7, 2.8.0 to 2.16.0, 3.0.0 to 3.7.16, 3.8.0 to 3.11.4, and 4.0.0 to 4.1.5. Fixed in versions 2.7.8, 3.7.17, 3.11.5, and 4.2.0. Una vulnerabilidad en Stormshield Network Security, podría permitir a un atacante desencadenar una protección relacionada a una adminis... • https://advisories.stormshield.eu/2020-049 •