Starwindsoftware Starwind Virtual San — known CVE vulnerabilities
Every CVE whose affected-product data names Starwindsoftware Starwind Virtual San, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (23)
CVE-2021-43527 — CVSS 9.8 (critical): NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or…
CVE-2018-3839 — CVSS 8.8 (high): An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A…
CVE-2021-42574 — CVSS 8.3 (high): An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of…
CVE-2020-36385 — CVSS 7.8 (high): An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via…
CVE-2020-14409 — CVSS 7.8 (high): SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in…
CVE-2020-25643 — CVSS 7.2 (high): A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by…
CVE-2020-24394 — CVSS 7.1 (high): In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the…
CVE-2021-20271 — CVSS 7.0 (high): A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim…
CVE-2021-41617 — CVSS 7.0 (high): sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because…
CVE-2021-42739 — CVSS 6.7 (medium): The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and…
CVE-2018-18584 — CVSS 6.5 (medium): In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal…
CVE-2021-37750 — CVSS 6.5 (medium): The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in…
CVE-2018-16758 — CVSS 5.9 (medium): Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the…
CVE-2020-36322 — CVSS 5.5 (medium): An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr()…
CVE-2020-0427 — CVSS 5.5 (medium): In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information…
CVE-2020-25704 — CVSS 5.5 (medium): A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local…
CVE-2018-3837 — CVSS 5.5 (medium): An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer…
CVE-2020-14314 — CVSS 5.5 (medium): A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a…
CVE-2018-18585 — CVSS 4.3 (medium): chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as…
CVE-2020-25656 — CVSS 4.1 (medium): A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT…
CVE-2018-16738 — CVSS 3.7 (low): tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1.