Starwindsoftware Starwind San Nas vulnerabilities

5 known vulnerabilities affecting starwindsoftware/starwind_san_nas.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2022-32268HIGHCVSS 8.8v0.22022-06-03
CVE-2022-32268 [HIGH] CVE-2022-32268: StarWind SAN and NAS v0.2 build 1914 allow remote code execution. A flaw was found in REST API in St StarWind SAN and NAS v0.2 build 1914 allow remote code execution. A flaw was found in REST API in StarWind Stack. REST command, which allows changing the hostname, doesn’t check a new hostname parameter. It goes directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with roo
nvd
CVE-2021-43527CRITICALCVSS 9.8vv8r132021-12-08
CVE-2021-43527 [CRITICAL] CWE-787 CVE-2021-43527: NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overfl NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.50
nvd
CVE-2021-42739MEDIUMCVSS 6.7vv8r122021-10-20
CVE-2021-42739 [MEDIUM] CWE-787 CVE-2021-42739: The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/ The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.
nvd
CVE-2020-36385HIGHCVSS 7.8vv8r122021-06-07
CVE-2020-36385 [HIGH] CWE-416 CVE-2020-36385: An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-af An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c.
nvd
CVE-2020-25704MEDIUMCVSS 5.5vv8r122020-12-02
CVE-2020-25704 [MEDIUM] CWE-401 CVE-2020-25704: A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if usin A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.
nvd