Starwindsoftware

Starwind Virtual San

23 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.1

CVE-2020-25656

Exploit
  • EPSS 0.01%
  • Veröffentlicht 02.12.2020 01:15:12
  • Zuletzt bearbeitet 21.11.2024 05:18:22

A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnera...

5.5

CVE-2020-25704

  • EPSS 0.06%
  • Veröffentlicht 02.12.2020 01:15:12
  • Zuletzt bearbeitet 21.11.2024 05:18:31

A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.

7.5

CVE-2020-25643

  • EPSS 0.42%
  • Veröffentlicht 06.10.2020 14:15:12
  • Zuletzt bearbeitet 21.11.2024 05:18:19

A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial...

5.5

CVE-2020-0427

  • EPSS 0.1%
  • Veröffentlicht 17.09.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 04:53:30

In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Andr...

5.5

CVE-2020-14314

  • EPSS 0.04%
  • Veröffentlicht 15.09.2020 20:15:13
  • Zuletzt bearbeitet 21.11.2024 05:02:59

A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The high...

7.1

CVE-2020-24394

  • EPSS 0.05%
  • Veröffentlicht 19.08.2020 13:15:10
  • Zuletzt bearbeitet 21.11.2024 05:14:44

In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.

4.3

CVE-2018-18585

Exploit
  • EPSS 1.46%
  • Veröffentlicht 23.10.2018 02:29:00
  • Zuletzt bearbeitet 21.11.2024 03:56:12

chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).

6.5

CVE-2018-18584

  • EPSS 6.37%
  • Veröffentlicht 23.10.2018 02:29:00
  • Zuletzt bearbeitet 21.11.2024 03:56:12

In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.

5.9

CVE-2018-16758

  • EPSS 0.16%
  • Veröffentlicht 10.10.2018 21:29:02
  • Zuletzt bearbeitet 21.11.2024 03:53:17

Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets.

4.3

CVE-2018-16738

  • EPSS 0.32%
  • Veröffentlicht 10.10.2018 21:29:01
  • Zuletzt bearbeitet 21.11.2024 03:53:15

tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1.