Product:

Starwind_virtual_san

(Starwindsoftware)
Repositories https://github.com/kyz/libmspack
#Vulnerabilities 23
Date Id Summary Products Score Patch Annotated
2018-04-10 CVE-2018-3839 An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Debian_linux, Sdl_image, Starwind_virtual_san 8.8
2018-04-10 CVE-2018-3837 An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-bounds read on the heap, resulting in information disclosure . An attacker can display a specially crafted image to trigger this vulnerability. Debian_linux, Sdl_image, Starwind_virtual_san 5.5
2018-10-23 CVE-2018-18584 In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. Cabextract, Ubuntu_linux, Debian_linux, Libmspack, Enterprise_linux, Starwind_virtual_san, Linux_enterprise_server 6.5
2018-10-23 CVE-2018-18585 chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). Ubuntu_linux, Debian_linux, Libmspack, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Starwind_virtual_san, Linux_enterprise_server 4.3
2020-08-19 CVE-2020-24394 In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered. Ubuntu_linux, Linux_kernel, Leap, Sd\-Wan_edge, Starwind_virtual_san 7.1
2020-09-17 CVE-2020-0427 In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171 Debian_linux, Android, Leap, Starwind_virtual_san 5.5
2020-12-02 CVE-2020-25656 A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. Debian_linux, Linux_kernel, Enterprise_linux, Starwind_virtual_san 4.1
2020-12-02 CVE-2020-25704 A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. Debian_linux, Linux_kernel, Command_center, Starwind_hyperconverged_appliance, Starwind_san_\&_nas, Starwind_virtual_san 5.5
2021-06-07 CVE-2020-36385 An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c. Linux_kernel, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Starwind_san_\&_nas, Starwind_virtual_san 7.8
2021-04-14 CVE-2020-36322 An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950. Debian_linux, Linux_kernel, Starwind_virtual_san 5.5