SNS
by Sencha
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-28616 | | | 0.00 | — | 0.00 | | Dec 26, 2023 | An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and… |
| CVE-2023-34198 | | | 0.00 | — | 0.01 | | Dec 25, 2023 | In Stormshield Network Security (SNS) 1.0.0 through 3.7.36 before 3.7.37, 3.8.0 through 3.11.24 before 3.11.25, 4.0.0 through 4.3.18 before 4.3.19, 4.4.0 through 4.6.5 before 4.6.6, and 4.7.0 before 4.7.1, the usage of a Network object created from an inactive DHCP interface in… |
| CVE-2020-11711 | | | 0.00 | — | 0.00 | | Aug 25, 2023 | An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin… |
| CVE-2021-28096 | | | 0.00 | — | 0.01 | | Jan 27, 2022 | An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can saturate the proxy connection table. This would result in the proxy denying any new connections. |
| CVE-2021-28127 | | | 0.00 | — | 0.01 | | Jul 1, 2021 | An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur. |
| CVE-2021-28665 | | | 0.00 | — | 0.01 | | May 6, 2021 | Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a denial of service. |
| CVE-2012-1237 | | | 0.00 | — | 0.01 | | Apr 6, 2012 | Cross-site request forgery (CSRF) vulnerability in SENCHA SNS before 1.0.2 allows remote attackers to hijack the authentication of arbitrary users. |
| CVE-2006-6413 | | | 0.00 | — | 0.01 | | Dec 10, 2006 | Cross-site scripting (XSS) vulnerability in Amateras sns 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |