Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
starwindsoftware san vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-24551
A flaw was found in StarWind Stack. The endpoint for setting a new password doesn’t check the current username and old password. An attacker could reset any local user password (including system/administrator user) using any available user This affects StarWind SAN and NAS ...
Starwindsoftware Nas
Starwindsoftware San
9.8
CVSSv3
CVE-2022-24552
A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that wi...
Starwindsoftware Nas
Starwindsoftware San
7.5
CVSSv3
CVE-2007-20001
A flaw was found in StarWind iSCSI target. An attacker could script standard iSCSI Initiator operation(s) to exhaust the StarWind service socket, which could lead to denial of service. This affects iSCSI SAN (Windows Native) Version 3.2.2 build 2007-02-20.
Starwindsoftware Iscsi San
9.8
CVSSv3
CVE-2013-20004
A flaw was found in StarWind iSCSI target. StarWind service does not limit client connections and allocates memory on each connection attempt. An attacker could create a denial of service state by trying to connect a non-existent target multiple times. This affects iSCSI SAN (Win...
Starwindsoftware Iscsi San
5.5
CVSSv3
CVE-2020-25704
A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.
Linux Linux Kernel 5.10
Linux Linux Kernel
Debian Debian Linux 9.0
Starwindsoftware Starwind San \\& Nas V8r12
Starwindsoftware Command Center -
Starwindsoftware Starwind Virtual San V8
Starwindsoftware Starwind Hyperconverged Appliance -
1 Github repository
8.8
CVSSv3
CVE-2022-32268
StarWind SAN and NAS v0.2 build 1914 allow remote code execution. A flaw was found in REST API in StarWind Stack. REST command, which allows changing the hostname, doesn’t check a new hostname parameter. It goes directly to bash as part of a script. An attacker with non-roo...
Starwindsoftware Starwind San \\& Nas 0.2
5.3
CVSSv3
CVE-2018-16737
tinc prior to 1.0.30 has a broken authentication protocol, without even a partial mitigation.
Tinc-vpn Tinc
Starwindsoftware Starwind Virtual San V8
7.8
CVSSv3
CVE-2020-36385
An issue exists in the Linux kernel prior to 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c.
Linux Linux Kernel
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H300e Firmware -
Netapp H500e Firmware -
Netapp H700e Firmware -
Netapp H410s Firmware -
Netapp H410c Firmware -
Starwindsoftware Starwind San \\& Nas V8r12
Starwindsoftware Starwind Virtual San V8
5.9
CVSSv3
CVE-2018-16758
Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and previous versions allows a man-in-the-middle attack to disable the encryption of VPN packets.
Tinc-vpn Tinc
Debian Debian Linux 9.0
Starwindsoftware Starwind Virtual San V8
3.7
CVSSv3
CVE-2018-16738
tinc 1.0.30 up to and including 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1.
Tinc-vpn Tinc
Debian Debian Linux 9.0
Starwindsoftware Starwind Virtual San V8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »