Starwindsoftware Starwind_virtual_san
23 CVEs affecting Starwindsoftware Starwind_virtual_san. Latest disclosed: 2022-01-28. Critical: 1, High: 9.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-43527 | Critical | 9.8 | 2021-12-08 | NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. App… |
CVE-2018-3839 | High | 8.8 | 2018-04-10 | An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted X… |
CVE-2021-42574 | High | 8.3 | 2021-11-01 | An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control se… |
CVE-2021-4034 | High | 7.8 | 2022-01-28 | A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users t… |
CVE-2020-36385 | High | 7.8 | 2021-06-07 | An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in som… |
CVE-2020-14409 | High | 7.8 | 2021-01-19 | SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a… |
CVE-2020-25643 | High | 7.2 | 2020-10-06 | A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input valid… |
CVE-2020-24394 | High | 7.1 | 2020-08-19 | In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL suppo… |
CVE-2021-41617 | High | 7.0 | 2021-09-26 | sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not i… |
CVE-2021-20271 | High | 7.0 | 2021-03-26 | A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemin… |
CVE-2021-42739 | Medium | 6.7 | 2021-10-20 | The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/fir… |
CVE-2021-37750 | Medium | 6.5 | 2021-08-23 | The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a… |
CVE-2018-18584 | Medium | 6.5 | 2018-10-23 | In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading… |
CVE-2018-16758 | Medium | 5.9 | 2018-10-10 | Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN p… |
CVE-2020-36322 | Medium | 5.5 | 2021-04-14 | An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode()… |
CVE-2020-25704 | Medium | 5.5 | 2020-12-02 | A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this fl… |
CVE-2020-0427 | Medium | 5.5 | 2020-09-17 | In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional… |
CVE-2020-14314 | Medium | 5.5 | 2020-09-15 | A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken in… |
CVE-2018-3837 | Medium | 5.5 | 2018-04-10 | An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially c… |
CVE-2018-16737 | Medium | 5.3 | 2018-10-10 | tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation. |