RSS   Vulnerabilities for 'Network security'   RSS

2022-05-12
 
CVE-2022-30279

CWE-476
 

 
An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. The event logging of the ASQ sofbus lacbus plugin triggers the dereferencing of a NULL pointer, leading to a crash of SNS. An attacker could exploit this vulnerability via forged sofbus lacbus traffic to cause a firmware crash.

 
2022-01-31
 
CVE-2021-31617

CWE-119
 

 
In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution.

 
 
CVE-2021-28962

CWE-77
 

 
Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands.

 
2021-05-06
 
CVE-2021-28665

CWE-400
 

 
Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a denial of service.

 
2021-03-19
 
CVE-2021-27506

NVD-CWE-noinfo
 

 
The ClamAV Engine (Version 0.103.1 and below) embedded in Storsmshield Network Security (1.0 to 4.1.5) is subject to DoS in case of parsing of malformed png files.

 
2021-03-02
 
CVE-2021-3384

NVD-CWE-noinfo
 

 
A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts via IPv4 or IPv6. This affects versions 2.0.0 to 2.7.7, 2.8.0 to 2.16.0, 3.0.0 to 3.7.16, 3.8.0 to 3.11.4, and 4.0.0 to 4.1.5. Fixed in versions 2.7.8, 3.7.17, 3.11.5, and 4.2.0.

 

 >>> Vendor: Stormshield 3 Products
Endpoint security
Stormshield network security
Network security


Copyright 2024, cxsecurity.com

 

Back to Top