Total
31 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-40617 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-02-28 | N/A | 7.5 HIGH |
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. | |||||
CVE-2022-37434 | 6 Apple, Debian, Fedoraproject and 3 more | 21 Ipados, Iphone Os, Macos and 18 more | 2024-02-28 | N/A | 9.8 CRITICAL |
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). | |||||
CVE-2021-37613 | 1 Stormshield | 1 Stormshield Network Security | 2024-02-28 | 2.9 LOW | 6.5 MEDIUM |
Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service. | |||||
CVE-2021-3398 | 1 Stormshield | 1 Stormshield Network Security | 2024-02-28 | 5.0 MEDIUM | 5.8 MEDIUM |
Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component. | |||||
CVE-2021-31814 | 1 Stormshield | 1 Stormshield Network Security | 2024-02-28 | 3.6 LOW | 6.1 MEDIUM |
In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL Client. | |||||
CVE-2021-28096 | 1 Stormshield | 1 Stormshield Network Security | 2024-02-28 | 4.3 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can saturate the proxy connection table. This would result in the proxy denying any new connections. | |||||
CVE-2021-28127 | 1 Stormshield | 1 Stormshield Network Security | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur. | |||||
CVE-2020-7466 | 2 Mpd Project, Stormshield | 2 Mpd, Stormshield Network Security | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted PPP authentication message to cause the daemon to read beyond allocated memory buffer, which would result in a denial of service condition. | |||||
CVE-2020-7465 | 2 Mpd Project, Stormshield | 2 Mpd, Stormshield Network Security | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption). | |||||
CVE-2020-8430 | 1 Stormshield | 1 Stormshield Network Security | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=https://example.com in the query string. | |||||
CVE-2018-20850 | 1 Stormshield | 1 Stormshield Network Security | 2024-02-28 | 7.2 HIGH | 8.2 HIGH |
Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server. |