Aggregates CVE and security vulnerability intelligence across all starwindsoftware-related products, including CVSS scores, EPSS percentages, and publication and update dates.
Historical issues mainly involve memory corruption, buffer overflow, and input validation problems; some flaws may lead to memory corruption.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-14314 | A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability. | [email protected] | 5.5 | 0.37% | 2020-09-15 | 2026-06-16 |
| CVE-2020-24394 | In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered. | [email protected] | 7.1 | 0.36% | 2020-08-19 | 2026-06-16 |
| CVE-2019-20807 | In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). | [email protected] | 5.3 | 0.49% | 2020-05-28 | 2026-06-16 |
| CVE-2018-18585 | chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). | [email protected] | 4.3 | 3.06% | 2018-10-22 | 2026-06-16 |
| CVE-2018-18584 | In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. | [email protected] | 6.5 | 3.09% | 2018-10-22 | 2026-06-16 |
| CVE-2018-16758 | Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets. | [email protected] | 5.9 | 0.95% | 2018-10-10 | 2026-06-16 |
| CVE-2018-16738 | tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1. | [email protected] | 3.7 | 1.35% | 2018-10-10 | 2026-06-16 |
| CVE-2018-16737 | tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation. | [email protected] | 5.3 | 1.47% | 2018-10-10 | 2026-06-16 |
| CVE-2018-3839 | An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | [email protected] | 8.8 | 2.60% | 2018-04-10 | 2026-06-16 |
| CVE-2018-3837 | An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to trigger this vulnerability. | [email protected] | 5.5 | 1.25% | 2018-04-10 | 2026-06-16 |