Vulnerabilities (CVE)

Filtered by vendor Starwindsoftware Subscribe
Filtered by product Command Center
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-4034 7 Canonical, Oracle, Polkit Project and 4 more 32 Ubuntu Linux, Http Server, Zfs Storage Appliance Kit and 29 more 2024-06-28 7.2 HIGH 7.8 HIGH
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
CVE-2022-23858 1 Starwindsoftware 1 Command Center 2024-02-28 9.0 HIGH 8.8 HIGH
A flaw was found in the REST API. An improperly handled REST API call could allow any logged user to elevate privileges up to the system account. This affects StarWind Command Center build 6003 v2.
CVE-2020-25704 3 Debian, Linux, Starwindsoftware 6 Debian Linux, Linux Kernel, Command Center and 3 more 2024-02-28 4.9 MEDIUM 5.5 MEDIUM
A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.
CVE-2019-20807 6 Apple, Canonical, Debian and 3 more 7 Mac Os X, Ubuntu Linux, Debian Linux and 4 more 2024-02-28 4.6 MEDIUM 5.3 MEDIUM
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).