Skip to main content

Starwind Virtual San

19 CVEs product

Monthly

CVE-2021-43527 CRITICAL PATCH Act Now

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Mozilla Nss Nss Esr +8
NVD
CVSS 3.1
9.8
EPSS
17.6%
CVE-2021-42574 HIGH POC THREAT This Week

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Code Injection Unicode Fedora Starwind Virtual San
NVD
CVSS 3.1
8.3
EPSS
12.2%
CVE-2021-42739 MEDIUM PATCH This Month

The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Linux Kernel Fedora +6
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2021-41617 HIGH PATCH This Week

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Rated high severity (CVSS 7.0).

SSH Privilege Escalation Openssh Fedora Active Iq Unified Manager +9
NVD VulDB
CVSS 3.1
7.0
EPSS
0.3%
CVE-2021-37750 MEDIUM PATCH This Month

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Null Pointer Dereference Denial Of Service Kerberos 5 Fedora Debian Linux +2
NVD GitHub
CVSS 3.1
6.5
EPSS
2.2%
CVE-2021-20271 HIGH PATCH This Week

A flaw was found in RPM's signature check functionality when reading a package file. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Information Disclosure Rpm Enterprise Linux Fedora Starwind Virtual San
NVD GitHub
CVSS 3.1
7.0
EPSS
0.8%
CVE-2020-25704 MEDIUM PATCH This Month

A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Debian Linux Command Center +3
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-25656 MEDIUM POC PATCH This Month

A flaw was found in the Linux kernel. Rated medium severity (CVSS 4.1). Public exploit code available.

Use After Free Linux Memory Corruption Information Disclosure Linux Kernel +3
NVD
CVSS 3.1
4.1
EPSS
0.4%
CVE-2020-25643 HIGH PATCH This Week

A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Linux Linux Kernel Enterprise Linux +4
NVD
CVSS 3.1
7.2
EPSS
3.3%
CVE-2020-0427 MEDIUM PATCH This Month

In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Denial Of Service Information Disclosure Android +3
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-14314 MEDIUM PATCH This Month

A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Linux Information Disclosure Linux Kernel Debian Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-24394 HIGH PATCH This Week

In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Linux Information Disclosure Linux Kernel Ubuntu Linux Leap +2
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2018-18585 MEDIUM POC PATCH This Month

chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Libmspack Debian Linux Enterprise Linux Desktop +5
NVD GitHub
CVSS 3.1
4.3
EPSS
3.1%
CVE-2018-18584 MEDIUM PATCH This Month

In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Cabextract Libmspack Debian Linux +4
NVD GitHub
CVSS 3.1
6.5
EPSS
3.1%
CVE-2018-16758 MEDIUM This Month

Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Tinc Debian Linux Starwind Virtual San
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2018-16738 LOW Monitor

tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Tinc Debian Linux Starwind Virtual San
NVD
CVSS 3.1
3.7
EPSS
1.4%
CVE-2018-16737 MEDIUM This Month

tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tinc Starwind Virtual San
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2018-3839 HIGH POC This Week

An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Sdl Image Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2018-3837 MEDIUM POC This Month

An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Sdl Image Debian Linux Starwind Virtual San
NVD
CVSS 3.1
5.5
EPSS
1.2%
EPSS 18% CVSS 9.8
CRITICAL PATCH Act Now

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Mozilla +10
NVD
EPSS 12% CVSS 8.3
HIGH POC THREAT This Week

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Code Injection Unicode +2
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption +8
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Rated high severity (CVSS 7.0).

SSH Privilege Escalation Openssh +11
NVD VulDB
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Null Pointer Dereference Denial Of Service Kerberos 5 +4
NVD GitHub
EPSS 1% CVSS 7.0
HIGH PATCH This Week

A flaw was found in RPM's signature check functionality when reading a package file. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Information Disclosure Rpm Enterprise Linux +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel +5
NVD
EPSS 0% CVSS 4.1
MEDIUM POC PATCH This Month

A flaw was found in the Linux kernel. Rated medium severity (CVSS 4.1). Public exploit code available.

Use After Free Linux Memory Corruption +5
NVD
EPSS 3% CVSS 7.2
HIGH PATCH This Week

A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Linux +6
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Denial Of Service +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Linux Information Disclosure +4
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Linux Information Disclosure Linux Kernel +4
NVD
EPSS 3% CVSS 4.3
MEDIUM POC PATCH This Month

chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Libmspack +7
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Cabextract +6
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM This Month

Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Tinc Debian Linux +1
NVD
EPSS 1% CVSS 3.7
LOW Monitor

tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Tinc Debian Linux +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tinc Starwind Virtual San
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow +3
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Sdl Image +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy