CVE-2022-24552
The CVE-2022-24552 entry concerns StarWind Stack’s REST API: the REST command that manipulates a virtual disk does not validate input parameters, and certain inputs are passed to a bash script. This allows an attacker with non-root access to inject data that may be executed with root privileges, ...
CVE-2022-24551
The CVE-2022-24551 issue affects StarWind SAN & NAS: the password-reset endpoint does not validate the current username and old password, allowing an attacker to reset any local user password (including administrator). Reported for StarWind SAN & NAS v0.2 builds 1633–1684. Mitigation: update to v...