CVE-2022-37434
- EPSS 15.93%
- Veröffentlicht 05.08.2022 07:15:07
- Zuletzt bearbeitet 30.05.2025 20:15:30
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib s...
CVE-2022-30279
- EPSS 0.92%
- Veröffentlicht 12.05.2022 15:15:08
- Zuletzt bearbeitet 21.11.2024 07:02:29
An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. The event logging of the ASQ sofbus lacbus plugin triggers the dereferencing of a NULL pointer, leading to a crash of SNS. An attacker could exploit this vulnerability ...
CVE-2022-23989
- EPSS 0.89%
- Veröffentlicht 15.03.2022 21:15:09
- Zuletzt bearbeitet 21.11.2024 06:49:36
In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in...
CVE-2021-3398
- EPSS 0.92%
- Veröffentlicht 10.02.2022 17:15:09
- Zuletzt bearbeitet 21.11.2024 06:21:24
Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component.
CVE-2021-37613
- EPSS 0.41%
- Veröffentlicht 10.02.2022 17:15:09
- Zuletzt bearbeitet 21.11.2024 06:15:31
Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service.
CVE-2021-31814
- EPSS 0.2%
- Veröffentlicht 10.02.2022 17:15:09
- Zuletzt bearbeitet 21.11.2024 06:06:17
In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL Client.
CVE-2021-31617
- EPSS 2.09%
- Veröffentlicht 31.01.2022 16:15:09
- Zuletzt bearbeitet 21.11.2024 06:06:02
In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution.
CVE-2021-28962
- EPSS 1.16%
- Veröffentlicht 31.01.2022 14:15:07
- Zuletzt bearbeitet 21.11.2024 06:00:27
Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands.
CVE-2021-28096
- EPSS 0.89%
- Veröffentlicht 27.01.2022 14:15:07
- Zuletzt bearbeitet 21.11.2024 05:59:05
An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can saturate the proxy connection table. This would result in the proxy denying any new connections.
CVE-2002-20001
- EPSS 23.06%
- Veröffentlicht 11.11.2021 19:15:07
- Zuletzt bearbeitet 22.08.2025 10:33:16
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ate...