Vulnerabilities > Starwindsoftware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-15 | CVE-2020-14314 | Out-of-bounds Read vulnerability in multiple products A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. | 5.5 |
| 2020-08-19 | CVE-2020-24394 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. | 7.1 |
| 2020-05-28 | CVE-2019-20807 | OS Command Injection vulnerability in multiple products In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). | 4.6 |
| 2018-10-23 | CVE-2018-18585 | NULL Pointer Dereference vulnerability in multiple products chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). | 4.3 |
| 2018-10-23 | CVE-2018-18584 | Out-of-bounds Write vulnerability in multiple products In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. network low complexity libmspack-project cabextract-project debian redhat canonical suse starwindsoftware CWE-787 | 6.5 |
| 2018-10-10 | CVE-2018-16758 | Missing Authentication for Critical Function vulnerability in multiple products Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets. | 5.9 |
| 2018-10-10 | CVE-2018-16738 | Improper Authentication vulnerability in multiple products tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. | 3.7 |
| 2018-10-10 | CVE-2018-16737 | Improper Authentication vulnerability in multiple products tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation. | 5.3 |
| 2018-04-10 | CVE-2018-3839 | Out-of-bounds Write vulnerability in multiple products An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. | 8.8 |
| 2018-04-10 | CVE-2018-3837 | Out-of-bounds Read vulnerability in multiple products An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. | 5.5 |