Vulnerabilities > Starwindsoftware

DATE CVE VULNERABILITY TITLE RISK
2020-09-15 CVE-2020-14314 A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing.
local
low complexity
linux debian canonical starwindsoftware
5.5
2020-08-19 CVE-2020-24394 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131.
7.1
2020-05-28 CVE-2019-20807 OS Command Injection vulnerability in multiple products
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).
5.3
2018-10-23 CVE-2018-18585 NULL Pointer Dereference vulnerability in multiple products
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).
4.3
2018-10-23 CVE-2018-18584 Out-of-bounds Write vulnerability in multiple products
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
6.5
2018-10-10 CVE-2018-16758 Missing Authentication for Critical Function vulnerability in multiple products
Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets.
network
high complexity
tinc-vpn debian starwindsoftware CWE-306
5.9
2018-10-10 CVE-2018-16738 Improper Authentication vulnerability in multiple products
tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation.
network
high complexity
tinc-vpn debian starwindsoftware CWE-287
3.7
2018-10-10 CVE-2018-16737 Improper Authentication vulnerability in multiple products
tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation.
network
low complexity
tinc-vpn starwindsoftware CWE-287
5.3
2018-04-10 CVE-2018-3839 Out-of-bounds Write vulnerability in multiple products
An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2.
network
low complexity
libsdl debian starwindsoftware CWE-787
8.8
2018-04-10 CVE-2018-3837 Out-of-bounds Read vulnerability in multiple products
An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2.
local
low complexity
libsdl debian starwindsoftware CWE-125
5.5