Stormshield Network Security
by Stormshield
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-8474 | Med | 0.34 | 5.3 | — | Jun 1, 2026 | A vulnerability was discovered on Stormshield Network Security * 4.3.0 to 4.3.41, * 4.8.0 to 4.8.15, * 5.0.0 to 5.0.5 It is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the… | ||
| CVE-2023-41165 | 0.00 | — | 0.01 | Dec 25, 2023 | An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.38 before 3.7.39, 3.10.0 through 3.11.26 before 3.11.27, 4.0 through 4.3.21 before 4.3.22, and 4.4.0 through 4.6.8 before 4.6.9. An administrator with write access to the SNS firewall can configure a… | |||
| CVE-2022-23989 | 0.00 | — | 0.00 | Mar 15, 2022 | In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all… | |||
| CVE-2021-3398 | 0.00 | — | 0.00 | Feb 10, 2022 | Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component. | |||
| CVE-2021-31617 | 0.00 | — | 0.03 | Jan 31, 2022 | In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution. | |||
| CVE-2021-45885 | 0.00 | — | 0.00 | Dec 29, 2021 | An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password. |
- risk 0.34cvss 5.3epss —
A vulnerability was discovered on Stormshield Network Security * 4.3.0 to 4.3.41, * 4.8.0 to 4.8.15, * 5.0.0 to 5.0.5 It is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the…
- CVE-2023-41165Dec 25, 2023risk 0.00cvss —epss 0.01
An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.38 before 3.7.39, 3.10.0 through 3.11.26 before 3.11.27, 4.0 through 4.3.21 before 4.3.22, and 4.4.0 through 4.6.8 before 4.6.9. An administrator with write access to the SNS firewall can configure a…
- CVE-2022-23989Mar 15, 2022risk 0.00cvss —epss 0.00
In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all…
- CVE-2021-3398Feb 10, 2022risk 0.00cvss —epss 0.00
Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component.
- CVE-2021-31617Jan 31, 2022risk 0.00cvss —epss 0.03
In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution.
- CVE-2021-45885Dec 29, 2021risk 0.00cvss —epss 0.00
An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password.