Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
stormshield network security vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2020-11711
An issue exists in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It i...
Stormshield Stormshield Network Security
NA
CVE-2023-41166
An issue exists in Stormshield Network Security (SNS) 3.7.0 up to and including 3.7.39, 3.11.0 up to and including 3.11.27, 4.3.0 up to and including 4.3.22, 4.6.0 up to and including 4.6.9, and 4.7.0 up to and including 4.7.1. It's possible to know if a specific user accoun...
Stormshield Stormshield Network Security
5.8
CVSSv2
CVE-2020-8430
Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=https://example.com in the query string.
Stormshield Stormshield Network Security
2.9
CVSSv2
CVE-2021-37613
Stormshield Network Security (SNS) 1.0.0 up to and including 4.2.3 allows a Denial of Service.
Stormshield Stormshield Network Security
7.2
CVSSv2
CVE-2018-20850
Stormshield Network Security 2.0.0 up to and including 2.13.0 and 3.0.0 up to and including 3.7.1 has self-XSS in the command line interface of the SNS web server.
Stormshield Stormshield Network Security
NA
CVE-2023-0286
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This ...
Openssl Openssl
Stormshield Stormshield Network Security
Stormshield Stormshield Management Center
4 Github repositories
NA
CVE-2022-4450
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments a...
Openssl Openssl
Stormshield Stormshield Network Security
2 Github repositories
5
CVSSv2
CVE-2022-30279
An issue exists in Stormshield Network Security (SNS) 4.3.x prior to 4.3.8. The event logging of the ASQ sofbus lacbus plugin triggers the dereferencing of a NULL pointer, leading to a crash of SNS. An attacker could exploit this vulnerability via forged sofbus lacbus traffic to ...
Stormshield Network Security
NA
CVE-2023-47091
An issue exists in Stormshield Network Security (SNS) SNS 4.3.13 up to and including 4.3.22 prior to 4.3.23, SNS 4.6.0 up to and including 4.6.9 prior to 4.6.10, and SNS 4.7.0 up to and including 4.7.1 prior to 4.7.2. An attacker can overflow the cookie threshold, making an IPsec...
Stormshield Network Security
4.3
CVSSv2
CVE-2021-45885
An issue exists in Stormshield Network Security (SNS) 4.2.2 up to and including 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password.
Stormshield Network Security
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »