Export limit exceeded: 363061 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (63 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-7465 2 Mpd Project, Stormshield 2 Mpd, Stormshield Network Security 2024-11-21 9.8 Critical
The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption).
CVE-2020-11711 1 Stormshield 1 Stormshield Network Security 2024-11-21 4.8 Medium
An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim's browser. This results in a stored XSS on the authentication interface of the admin panel. Moreover, an unsecured authentication form is present on the authentication interface of the SSL VPN captive portal. Users are allowed to save their credentials inside the browser. If an administrator saves his credentials through this unsecured form, these credentials could be stolen via the stored XSS on the admin panel without user interaction. Another possible exploitation would be modification of the authentication form of the admin panel into a malicious form.
CVE-2018-20850 1 Stormshield 1 Stormshield Network Security 2024-11-21 N/A
Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server.