Vulnerabilities (CVE)

Filtered by vendor Starwindsoftware Subscribe
Filtered by product Starwind San \& Nas
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-42739 5 Debian, Fedoraproject, Linux and 2 more 8 Debian Linux, Fedora, Linux Kernel and 5 more 2024-03-24 4.6 MEDIUM 6.7 MEDIUM
The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.
CVE-2022-32268 1 Starwindsoftware 1 Starwind San \& Nas 2024-02-28 9.0 HIGH 8.8 HIGH
StarWind SAN and NAS v0.2 build 1914 allow remote code execution. A flaw was found in REST API in StarWind Stack. REST command, which allows changing the hostname, doesn’t check a new hostname parameter. It goes directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with root privileges.
CVE-2021-43527 4 Mozilla, Netapp, Oracle and 1 more 10 Nss, Nss Esr, Cloud Backup and 7 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.
CVE-2020-36385 3 Linux, Netapp, Starwindsoftware 19 Linux Kernel, H300e, H300e Firmware and 16 more 2024-02-28 6.8 MEDIUM 7.8 HIGH
An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c.
CVE-2020-25704 3 Debian, Linux, Starwindsoftware 6 Debian Linux, Linux Kernel, Command Center and 3 more 2024-02-28 4.9 MEDIUM 5.5 MEDIUM
A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.