Stormshield

Stormshield Network Security

38 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.94%
  • Veröffentlicht 01.07.2021 15:15:08
  • Zuletzt bearbeitet 21.11.2024 05:59:08

An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur.

  • EPSS 0.99%
  • Veröffentlicht 06.05.2021 20:15:09
  • Zuletzt bearbeitet 21.11.2024 06:00:03

Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a denial of service.

  • EPSS 1.31%
  • Veröffentlicht 19.03.2021 15:15:12
  • Zuletzt bearbeitet 21.11.2024 05:58:07

The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This iss...

  • EPSS 1.02%
  • Veröffentlicht 02.03.2021 18:15:15
  • Zuletzt bearbeitet 21.11.2024 06:21:23

A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts via IPv4 or IPv6. This affects versions 2.0.0 to 2.7...

Exploit
  • EPSS 1.98%
  • Veröffentlicht 06.10.2020 14:15:13
  • Zuletzt bearbeitet 21.11.2024 05:37:12

The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted PPP authentication message to cause the daemon to read beyond allocated memory buffer, which would result in a denial of service condition.

Exploit
  • EPSS 2.95%
  • Veröffentlicht 06.10.2020 14:15:13
  • Zuletzt bearbeitet 21.11.2024 05:37:11

The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption).

  • EPSS 0.92%
  • Veröffentlicht 13.04.2020 16:15:13
  • Zuletzt bearbeitet 21.11.2024 05:38:50

Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=https://example.com in the query string.

  • EPSS 0.39%
  • Veröffentlicht 04.07.2019 14:15:10
  • Zuletzt bearbeitet 21.11.2024 04:02:18

Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server.