Filtered by vendor Starwindsoftware Subscriptions
Filtered by product Command Center Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-23858 1 Starwindsoftware 1 Command Center 2024-11-21 8.8 High
A flaw was found in the REST API. An improperly handled REST API call could allow any logged user to elevate privileges up to the system account. This affects StarWind Command Center build 6003 v2.
CVE-2021-4034 7 Canonical, Oracle, Polkit Project and 4 more 37 Ubuntu Linux, Http Server, Zfs Storage Appliance Kit and 34 more 2024-11-21 7.8 High
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
CVE-2020-25704 4 Debian, Linux, Redhat and 1 more 9 Debian Linux, Linux Kernel, Enterprise Linux and 6 more 2024-11-21 5.5 Medium
A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.
CVE-2019-20807 7 Apple, Canonical, Debian and 4 more 8 Mac Os X, Ubuntu Linux, Debian Linux and 5 more 2024-11-21 5.3 Medium
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).