CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A flaw was found in StarWind Stack. The endpoint for setting a new password doesn’t check the current username and old password. An attacker could reset any local user password including system/administrator user using any available user This affects StarWind SAN and NAS v0.2 build 1633...

9CVSS6.8AI score0.00399EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 11:56 p.m.•6 views

CVE-2022-23858

A flaw was found in the REST API. An improperly handled REST API call could allow any logged user to elevate privileges up to the system account. This affects StarWind Command Center build 6003 v2...

9CVSS6.8AI score0.00511EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:56 p.m.•4 views

CVE-2022-32268

StarWind SAN and NAS v0.2 build 1914 allow remote code execution. A flaw was found in REST API in StarWind Stack. REST command, which allows changing the hostname, doesn’t check a new hostname parameter. It goes directly to bash as part of a script. An attacker with non-root user access can injec...

9CVSS7.8AI score0.04474EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:29 p.m.•4 views

CVE-2022-24552

A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with roo...

10CVSS6.9AI score0.00805EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 12:32 a.m.•4 views

CVE-2013-20004

A flaw was found in StarWind iSCSI target. StarWind service does not limit client connections and allocates memory on each connection attempt. An attacker could create a denial of service state by trying to connect a non-existent target multiple times. This affects iSCSI SAN Windows Native Versio...

9.8CVSS6.7AI score0.00472EPSS

Exploits0References1

RedhatCVE•added 2025/05/21 6:26 p.m.•4 views

CVE-2007-20001

A flaw was found in StarWind iSCSI target. An attacker could script standard iSCSI Initiator operations to exhaust the StarWind service socket, which could lead to denial of service. This affects iSCSI SAN Windows Native Version 3.2.2 build 2007-02-20...

7.5CVSS6.6AI score0.00389EPSS

Exploits0References1

OSV•added 2022/06/03 6:15 a.m.•0 views

CVE-2022-32268

8.8CVSS6.1AI score

Exploits0References1

NVD•added 2022/06/03 6:15 a.m.•9 views

CVE-2022-32268

9CVSS0.04474EPSS

Exploits0References1

ATTACKERKB•added 2022/06/03 6:15 a.m.•1 views

CVE-2022-32268

9CVSS6.2AI score0.04474EPSS

Exploits0References2

Prion•added 2022/06/03 6:15 a.m.•8 views

Design/Logic Flaw

9CVSS8.9AI score0.04474EPSS

Exploits0References1Affected Software1

Cvelist•added 2022/06/03 5:19 a.m.•13 views

CVE-2022-32268

9.1AI score0.04474EPSS

Exploits0References1

CVE•added 2022/06/03 5:19 a.m.•65 views

CVE-2022-32268

CVE-2022-32268 affects StarWind SAN and NAS v0.2 build 1914. The REST API command to change the hostname does not validate the new hostname parameter and passes it to bash within a script, allowing an attacker with non-root access to inject data and achieve root-level code execution. No exploitat...

9CVSS8.9AI score0.04474EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2022/06/03 12:0 a.m.•2 views

PT-2022-21193 · Starwind · Starwind Stack +1

Name of the Vulnerable Software and Affected Versions: StarWind SAN and NAS version 0.2 build 1914 Description: A flaw was found in the REST API of StarWind Stack, allowing remote code execution. The REST command for changing the hostname does not check the new hostname parameter, which can be...

9CVSS9AI score0.04474EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by