VYPR
Vendor

Stonesoft

Products
9
CVEs
7
Across products
21
Status
Private

Products

9

Recent CVEs

7
  • CVE-2004-0079HigNov 23, 2004
    risk 0.50cvss 7.5epss 0.10

    The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

  • CVE-2004-0081Nov 23, 2004
    risk 0.01cvss epss 0.07

    OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

  • CVE-2004-0112Nov 23, 2004
    risk 0.01cvss epss 0.10

    The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake…

  • CVE-2009-2631Dec 4, 2009
    risk 0.00cvss epss 0.05

    Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other…

  • CVE-2007-5793Nov 1, 2007
    risk 0.00cvss epss 0.02

    Stonesoft StoneGate IPS before 4.0 does not properly decode Fullwidth/Halfwidth Unicode encoded data, which makes it easier for remote attackers to scan or penetrate systems and avoid detection.

  • CVE-2005-3672Nov 18, 2005
    risk 0.00cvss epss 0.02

    The Internet Key Exchange version 1 (IKEv1) implementation in Stonesoft StoneGate Firewall before 2.6.1 allows remote attackers to cause a denial of service via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of…

  • CVE-2004-0498Dec 31, 2004
    risk 0.00cvss epss 0.01

    The H.323 protocol agent in StoneSoft firewall engine 2.2.8 and earlier allows remote attackers to cause a denial of service (crash) via crafted H.323 packets.