Filtered by vendor Solarwinds
Subscriptions
Total
269 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15576 | 1 Solarwinds | 1 Serv-u | 2024-08-04 | 7.5 High |
| SolarWinds Serv-U File Server before 15.2.1 allows information disclosure via an HTTP response. | ||||
| CVE-2020-15574 | 1 Solarwinds | 1 Serv-u | 2024-08-04 | 7.5 High |
| SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site cookie attribute, aka Case Number 00331893. | ||||
| CVE-2020-15573 | 1 Solarwinds | 1 Serv-u | 2024-08-04 | 6.1 Medium |
| SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulnerability," aka Case Numbers 00041778 and 00306421. | ||||
| CVE-2020-15543 | 1 Solarwinds | 1 Serv-u Ftp Server | 2024-08-04 | 9.8 Critical |
| SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path. | ||||
| CVE-2020-15542 | 1 Solarwinds | 1 Serv-u Ftp Server | 2024-08-04 | 9.8 Critical |
| SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command. | ||||
| CVE-2020-15541 | 1 Solarwinds | 1 Serv-u Ftp Server | 2024-08-04 | 9.8 Critical |
| SolarWinds Serv-U FTP server before 15.2.1 allows remote command execution. | ||||
| CVE-2020-14005 | 1 Solarwinds | 2 Orion Network Performance Monitor, Orion Web Performance Monitor | 2024-08-04 | 8.8 High |
| Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event. | ||||
| CVE-2020-14006 | 1 Solarwinds | 2 Orion Network Performance Monitor, Orion Web Performance Monitor | 2024-08-04 | 5.4 Medium |
| Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible Team. | ||||
| CVE-2020-14007 | 1 Solarwinds | 2 Orion Network Performance Monitor, Orion Web Performance Monitor | 2024-08-04 | 5.4 Medium |
| Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert definition. | ||||
| CVE-2020-13912 | 1 Solarwinds | 1 Advanced Monitoring Agent | 2024-08-04 | 7.3 High |
| SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users to gain privileges via a Trojan horse .exe file, because everyone can write to a certain .exe file. | ||||
| CVE-2020-13169 | 1 Solarwinds | 1 Orion Platform | 2024-08-04 | 9.0 Critical |
| Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. This vulnerability may lead to the Information Disclosure and Escalation of Privileges (takeover of administrator account). | ||||
| CVE-2020-12608 | 1 Solarwinds | 1 Managed Service Provider Patch Management Engine | 2024-08-04 | 7.8 High |
| An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\SolarWinds MSP\SolarWinds.MSP.CacheService\config\. This can lead to code execution by changing the CacheService.xml SISServerURL parameter. | ||||
| CVE-2020-7984 | 1 Solarwinds | 1 N-central | 2024-08-04 | 7.5 High |
| SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any aspects of the agent/appliance configuration. | ||||
| CVE-2020-5734 | 1 Solarwinds | 1 Dameware | 2024-08-04 | 7.5 High |
| Classic buffer overflow in SolarWinds Dameware allows a remote, unauthenticated attacker to cause a denial of service by sending a large 'SigPubkeyLen' during ECDH key exchange. | ||||
| CVE-2021-35218 | 1 Solarwinds | 1 Orion Platform | 2024-08-04 | 8.9 High |
| Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server | ||||
| CVE-2021-35246 | 1 Solarwinds | 1 Engineer\'s Toolset | 2024-08-04 | 5.3 Medium |
| The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users. | ||||
| CVE-2021-35222 | 2 Microsoft, Solarwinds | 2 Windows, Orion Platform | 2024-08-04 | 8 High |
| This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page. | ||||
| CVE-2021-35252 | 1 Solarwinds | 1 Serv-u | 2024-08-04 | 7.5 High |
| Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext. | ||||
| CVE-2021-35221 | 2 Microsoft, Solarwinds | 2 Windows, Orion Platform | 2024-08-04 | 6.3 Medium |
| Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. | ||||
| CVE-2021-35242 | 1 Solarwinds | 1 Serv-u | 2024-08-04 | 8.3 High |
| Serv-U server responds with valid CSRFToken when the request contains only Session. | ||||