Filtered by vendor Starwindsoftware
Subscriptions
Filtered by product San
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-24552 | 1 Starwindsoftware | 2 Nas, San | 2024-11-21 | 9.8 Critical |
| A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with root privileges. This affects StarWind SAN and NAS v0.2 build 1633. | ||||
| CVE-2022-24551 | 1 Starwindsoftware | 2 Nas, San | 2024-11-21 | 8.8 High |
| A flaw was found in StarWind Stack. The endpoint for setting a new password doesn’t check the current username and old password. An attacker could reset any local user password (including system/administrator user) using any available user This affects StarWind SAN and NAS v0.2 build 1633. | ||||
Page 1 of 1.