VYPR
Vendor

Stormshield

Products
6
CVEs
37
Across products
40
Status
Private

Products

6

Recent CVEs

37
View all 37 CVEs →
  • CVE-2025-27829HigApr 1, 2025
    risk 0.47cvss 7.3epss 0.00

    An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.35. If multicast streams are enabled on different interfaces, it may be possible to interrupt multicast traffic on some of these interfaces. That could result in a denial of the multicast routing…

  • CVE-2026-8474MedJun 1, 2026
    risk 0.34cvss 5.3epss 0.00

    A vulnerability was discovered on Stormshield Network Security  * 4.3.0 to 4.3.41,  * 4.8.0 to 4.8.15,  * 5.0.0 to 5.0.5 It is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the…

  • CVE-2024-37386MedJul 15, 2024
    risk 0.27cvss 4.2epss 0.00

    An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.25, 4.4.0 through 4.7.5, and 4.8.0. Certain manipulations allow restarting in single-user mode despite the activation of secure boot. The following versions fix this: 4.3.27, 4.7.6, and 4.8.2.

  • CVE-2024-31946MedJul 15, 2024
    risk 0.27cvss 4.2epss 0.00

    An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.41, 3.10.0 through 3.11.29, 4.0 through 4.3.24, and 4.4.0 through 4.7.4. A user who has access to the SNS with write access on the email alerts page has the ability to create alert email containing…

  • CVE-2025-48707Sep 25, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Stormshield Network Security (SNS) before 5.0.1. TPM authentication information could, in some HA use cases, be shared among administrators, which can cause secret sharing.

  • CVE-2023-28616Dec 26, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and…

  • CVE-2023-47091Dec 25, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through 4.6.9 before 4.6.10, and SNS 4.7.0 through 4.7.1 before 4.7.2. An attacker can overflow the cookie threshold, making an IPsec connection impossible.

  • CVE-2023-34198Dec 25, 2023
    risk 0.00cvss epss 0.01

    In Stormshield Network Security (SNS) 1.0.0 through 3.7.36 before 3.7.37, 3.8.0 through 3.11.24 before 3.11.25, 4.0.0 through 4.3.18 before 4.3.19, 4.4.0 through 4.6.5 before 4.6.6, and 4.7.0 before 4.7.1, the usage of a Network object created from an inactive DHCP interface in…

  • CVE-2023-41165Dec 25, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.38 before 3.7.39, 3.10.0 through 3.11.26 before 3.11.27, 4.0 through 4.3.21 before 4.3.22, and 4.4.0 through 4.6.8 before 4.6.9. An administrator with write access to the SNS firewall can configure a…

  • CVE-2023-47093Dec 20, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.21, 4.4.0 through 4.6.8, and 4.7.0. Sending a crafted ICMP packet may lead to a crash of the ASQ engine.

  • CVE-2023-41166Dec 20, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access…

  • CVE-2023-26095Aug 28, 2023
    risk 0.00cvss epss 0.01

    ASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16 and 4.6.x before 4.6.3 allows a crash when analysing a crafted SIP packet.

  • CVE-2021-27932Aug 25, 2023
    risk 0.00cvss epss 0.00

    Stormshield Network Security (SNS) VPN SSL Client 2.1.0 through 2.8.0 has Insecure Permissions.

  • CVE-2023-35800Jun 27, 2023
    risk 0.00cvss epss 0.00

    Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive users to read data, which could allow access to information reserved to…

  • CVE-2023-35799Jun 27, 2023
    risk 0.00cvss epss 0.00

    Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. An interactive user can use the SES Evolution agent to create arbitrary files with local system privileges.

  • CVE-2022-27812Aug 24, 2022
    risk 0.00cvss epss 0.01

    Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic, can lead to SNS DoS.

  • CVE-2022-30279May 12, 2022
    risk 0.00cvss epss 0.01

    An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. The event logging of the ASQ sofbus lacbus plugin triggers the dereferencing of a NULL pointer, leading to a crash of SNS. An attacker could exploit this vulnerability via forged sofbus lacbus…

  • CVE-2022-23989Mar 15, 2022
    risk 0.00cvss epss 0.01

    In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all…

  • CVE-2021-37613Feb 10, 2022
    risk 0.00cvss epss 0.00

    Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service.

  • CVE-2021-3398Feb 10, 2022
    risk 0.00cvss epss 0.01

    Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component.