Filtered by vendor Starwindsoftware Subscriptions
Total 30 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-20807 7 Apple, Canonical, Debian and 4 more 8 Mac Os X, Ubuntu Linux, Debian Linux and 5 more 2024-11-21 5.3 Medium
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).
CVE-2018-3839 3 Debian, Libsdl, Starwindsoftware 3 Debian Linux, Sdl Image, Starwind Virtual San 2024-11-21 8.8 High
An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
CVE-2018-3837 3 Debian, Libsdl, Starwindsoftware 3 Debian Linux, Sdl Image, Starwind Virtual San 2024-11-21 5.5 Medium
An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-bounds read on the heap, resulting in information disclosure . An attacker can display a specially crafted image to trigger this vulnerability.
CVE-2018-18585 6 Canonical, Debian, Kyzer and 3 more 9 Ubuntu Linux, Debian Linux, Libmspack and 6 more 2024-11-21 4.3 Medium
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).
CVE-2018-18584 7 Cabextract Project, Canonical, Debian and 4 more 7 Cabextract, Ubuntu Linux, Debian Linux and 4 more 2024-11-21 6.5 Medium
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
CVE-2018-16758 3 Debian, Starwindsoftware, Tinc-vpn 3 Debian Linux, Starwind Virtual San, Tinc 2024-11-21 5.9 Medium
Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets.
CVE-2018-16738 3 Debian, Starwindsoftware, Tinc-vpn 3 Debian Linux, Starwind Virtual San, Tinc 2024-11-21 3.7 Low
tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1.
CVE-2018-16737 2 Starwindsoftware, Tinc-vpn 2 Starwind Virtual San, Tinc 2024-11-21 5.3 Medium
tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation.
CVE-2013-20004 1 Starwindsoftware 1 Iscsi San 2024-11-21 9.8 Critical
A flaw was found in StarWind iSCSI target. StarWind service does not limit client connections and allocates memory on each connection attempt. An attacker could create a denial of service state by trying to connect a non-existent target multiple times. This affects iSCSI SAN (Windows Native) Version 6.0, build 2013-01-16.
CVE-2007-20001 1 Starwindsoftware 1 Iscsi San 2024-11-21 7.5 High
A flaw was found in StarWind iSCSI target. An attacker could script standard iSCSI Initiator operation(s) to exhaust the StarWind service socket, which could lead to denial of service. This affects iSCSI SAN (Windows Native) Version 3.2.2 build 2007-02-20.