CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A flaw was found in StarWind Stack. The endpoint for setting a new password doesn’t check the current username and old password. An attacker could reset any local user password including system/administrator user using any available user This affects StarWind SAN and NAS v0.2 build 1633...

9CVSS6.8AI score0.00873EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 11:56 p.m.•10 views

CVE-2022-23858

A flaw was found in the REST API. An improperly handled REST API call could allow any logged user to elevate privileges up to the system account. This affects StarWind Command Center build 6003 v2...

9CVSS6.8AI score0.01121EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:56 p.m.•6 views

CVE-2022-32268

StarWind SAN and NAS v0.2 build 1914 allow remote code execution. A flaw was found in REST API in StarWind Stack. REST command, which allows changing the hostname, doesn’t check a new hostname parameter. It goes directly to bash as part of a script. An attacker with non-root user access can injec...

9CVSS7.8AI score0.02091EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:29 p.m.•8 views

CVE-2022-24552

A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with roo...

10CVSS6.9AI score0.01286EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 12:32 a.m.•7 views

CVE-2013-20004

A flaw was found in StarWind iSCSI target. StarWind service does not limit client connections and allocates memory on each connection attempt. An attacker could create a denial of service state by trying to connect a non-existent target multiple times. This affects iSCSI SAN Windows Native Versio...

9.8CVSS6.7AI score0.01192EPSS

Exploits0References1

RedhatCVE•added 2025/05/21 6:26 p.m.•6 views

CVE-2007-20001

A flaw was found in StarWind iSCSI target. An attacker could script standard iSCSI Initiator operations to exhaust the StarWind service socket, which could lead to denial of service. This affects iSCSI SAN Windows Native Version 3.2.2 build 2007-02-20...

7.5CVSS6.6AI score0.01072EPSS

Exploits0References1

OSV•added 2022/06/03 6:15 a.m.•2 views

CVE-2022-32268

8.8CVSS6.1AI score

Exploits0References1

NVD•added 2022/06/03 6:15 a.m.•20 views

CVE-2022-32268

9CVSS0.02091EPSS

Exploits0References1

ATTACKERKB•added 2022/06/03 6:15 a.m.•1 views

CVE-2022-32268

9CVSS6.2AI score0.02091EPSS

Exploits0References2

Prion•added 2022/06/03 6:15 a.m.•15 views

Design/Logic Flaw

9CVSS8.9AI score0.02091EPSS

Exploits0References1Affected Software1

Cvelist•added 2022/06/03 5:19 a.m.•28 views

CVE-2022-32268

9.1AI score0.02091EPSS

Exploits0References1

CVE•added 2022/06/03 5:19 a.m.•70 views

CVE-2022-32268

CVE-2022-32268 affects StarWind SAN and NAS v0.2 build 1914. The REST API command to change the hostname does not validate the new hostname parameter and passes it to bash within a script, allowing an attacker with non-root access to inject data and achieve root-level code execution. No exploitat...

9CVSS8.9AI score0.02091EPSS

Exploits0References1Affected Software1

CNNVD•added 2022/06/03 12:0 a.m.•3 views

StarWind SAN & NAS 安全漏洞

StarWind SAN & NAS is a standalone hypervisor server or group of servers for StarWind. A security vulnerability exists in StarWind SAN & NAS v0.2 build 1914, which can be exploited by an attacker to cause remote code execution...

9CVSS8.4AI score0.02091EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by