CVE-2021-3384
- EPSS 0.38%
- Veröffentlicht 02.03.2021 18:15:15
- Zuletzt bearbeitet 21.11.2024 06:21:23
A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts via IPv4 or IPv6. This affects versions 2.0.0 to 2.7...
CVE-2020-7466
- EPSS 1.75%
- Veröffentlicht 06.10.2020 14:15:13
- Zuletzt bearbeitet 21.11.2024 05:37:12
The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted PPP authentication message to cause the daemon to read beyond allocated memory buffer, which would result in a denial of service condition.
CVE-2020-7465
- EPSS 3.03%
- Veröffentlicht 06.10.2020 14:15:13
- Zuletzt bearbeitet 21.11.2024 05:37:11
The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption).
CVE-2020-8430
- EPSS 0.25%
- Veröffentlicht 13.04.2020 16:15:13
- Zuletzt bearbeitet 21.11.2024 05:38:50
Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=https://example.com in the query string.
CVE-2018-20850
- EPSS 0.13%
- Veröffentlicht 04.07.2019 14:15:10
- Zuletzt bearbeitet 21.11.2024 04:02:18
Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server.