Approved changes feed: RSS · Atom
cpe:2.3:a:starwindsoftware:san:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Starwindsoftware (546370dc-879f-52b2-b476-b038ac1027d1) |
|---|---|
| Product | San (33f0fb3e-2e03-5ba6-80d5-bafe8ef57cb5) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-24552 |
vulnerable | 2026-06-08 05:41:01.032750 |
Details available
A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with root privileges. This affects StarWind SAN and NAS v0.2 build 1633.
Published: 2022-02-06T20:18:25.000Z
Updated: 2024-08-03T04:13:56.675Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-24551 |
vulnerable | 2026-06-08 05:41:01.032305 |
Details available
A flaw was found in StarWind Stack. The endpoint for setting a new password doesn’t check the current username and old password. An attacker could reset any local user password (including system/administrator user) using any available user This affects StarWind SAN and NAS v0.2 build 1633.
Published: 2022-02-06T20:18:40.000Z
Updated: 2024-08-03T04:13:56.640Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.