Search Results (362534 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-35227 1 Solarwinds 1 Access Rights Manager 2024-11-21 4.7 Medium
The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure HTTPS was not available.
CVE-2021-35225 1 Solarwinds 1 Network Performance Monitor 2024-11-21 5 Medium
Each authenticated Orion Platform user in a MSP (Managed Service Provider) environment can view and browse all NetPath Services from all that MSP's customers. This can lead to any user having a limited insight into other customer's infrastructure and potential data cross-contamination.
CVE-2021-35223 1 Solarwinds 1 Serv-u 2024-11-21 8.5 High
The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution.
CVE-2021-35222 2 Microsoft, Solarwinds 2 Windows, Orion Platform 2024-11-21 8 High
This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page.
CVE-2021-35221 2 Microsoft, Solarwinds 2 Windows, Orion Platform 2024-11-21 6.3 Medium
Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.
CVE-2021-35220 1 Solarwinds 1 Orion Platform 2024-11-21 8.1 High
Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.
CVE-2021-35219 1 Solarwinds 1 Orion Platform 2024-11-21 6 Medium
ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page.
CVE-2021-35218 1 Solarwinds 1 Orion Platform 2024-11-21 8.9 High
Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server
CVE-2021-35217 1 Solarwinds 1 Patch Manager 2024-11-21 8.9 High
Insecure Deseralization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. An Authenticated Attacker could exploit it by executing WSAsyncExecuteTasks deserialization of untrusted data.
CVE-2021-35216 1 Solarwinds 1 Patch Manager 2024-11-21 8.9 High
Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution.
CVE-2021-35215 1 Solarwinds 1 Orion Platform 2024-11-21 8.9 High
Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability.
CVE-2021-35214 1 Solarwinds 1 Pingdom 2024-11-21 4.8 Medium
The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. When running multiple active sessions in separate browser windows, it was observed a password or email address change could be changed without terminating the user session. This issue has been resolved on September 13, 2021.
CVE-2021-35213 2 Microsoft, Solarwinds 2 Windows, Orion Platform 2024-11-21 8.9 High
An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. It allows a guest user to elevate privileges to the Administrator using this vulnerability. Authentication is required to exploit the vulnerability.
CVE-2021-35212 1 Solarwinds 1 Orion Platform 2024-11-21 8.9 High
An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean SQL injection which could lead to full read/write over the Orion database content including the Orion certificate for any authenticated user.
CVE-2021-35210 1 Contao 1 Contao 2024-11-21 6.1 Medium
Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the browser when the system log is called in the back end.
CVE-2021-35209 1 Zimbra 1 Collaboration 2024-11-21 9.8 Critical
An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. The value of the X-Host header overwrites the value of the Host header in proxied requests. The value of X-Host header is not checked against the whitelist of hosts Zimbra is allowed to proxy to (the zimbraProxyAllowedDomains setting).
CVE-2021-35208 1 Zimbra 1 Collaboration 2024-11-21 5.4 Medium
An issue was discovered in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.
CVE-2021-35207 1 Zimbra 1 Collaboration 2024-11-21 6.1 Medium
An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.0 Patch 16. An XSS vulnerability exists in the login component of Zimbra Web Client, in which an attacker can execute arbitrary JavaScript by adding executable JavaScript to the loginErrorCode parameter of the login url.
CVE-2021-35206 1 Gitpod 1 Gitpod 2024-11-21 6.1 Medium
Gitpod before 0.6.0 allows unvalidated redirects.
CVE-2021-35205 1 Netscout 1 Ngeniusone 2024-11-21 5.4 Medium
NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redirection in redirector.