Filtered by vendor Solarwinds
Subscriptions
Total
269 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-35237 | 1 Solarwinds | 1 Kiwi Syslog Server | 2024-09-16 | 5 Medium |
| A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server. This is an attack on both the user and the server. | ||||
| CVE-2021-35227 | 1 Solarwinds | 1 Access Rights Manager | 2024-09-16 | 4.7 Medium |
| The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure HTTPS was not available. | ||||
| CVE-2011-4800 | 1 Solarwinds | 1 Serv-u File Server | 2024-09-16 | N/A |
| Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands. | ||||
| CVE-2021-35251 | 1 Solarwinds | 1 Web Help Desk | 2024-09-16 | 5.3 Medium |
| Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation. | ||||
| CVE-2012-2602 | 1 Solarwinds | 1 Orion Network Performance Monitor | 2024-09-16 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts via CreateUserStepContainer actions to Admin/Accounts/Add/OrionAccount.aspx or (2) modify account privileges via a ynAdminRights action to Admin/Accounts/EditAccount.aspx. | ||||
| CVE-2021-35229 | 1 Solarwinds | 2 Database Performance Analyzer, Database Performance Monitor | 2024-09-16 | 6.8 Medium |
| Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query | ||||
| CVE-2021-35244 | 2 Microsoft, Solarwinds | 2 Windows, Orion Platform | 2024-09-16 | 6.8 Medium |
| The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution. | ||||
| CVE-2022-36964 | 1 Solarwinds | 1 Orion Platform | 2024-09-16 | 8.8 High |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands. | ||||
| CVE-2021-35236 | 1 Solarwinds | 1 Kiwi Syslog Server | 2024-09-16 | 3.1 Low |
| The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted requests. If the application can be accessed over both HTTP, there is a potential for the cookie can be sent in clear text. | ||||
| CVE-2022-36961 | 1 Solarwinds | 1 Orion Platform | 2024-09-16 | 8.8 High |
| A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution. | ||||
| CVE-2021-35217 | 1 Solarwinds | 1 Patch Manager | 2024-09-16 | 8.9 High |
| Insecure Deseralization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. An Authenticated Attacker could exploit it by executing WSAsyncExecuteTasks deserialization of untrusted data. | ||||
| CVE-2021-35213 | 2 Microsoft, Solarwinds | 2 Windows, Orion Platform | 2024-09-16 | 8.9 High |
| An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. It allows a guest user to elevate privileges to the Administrator using this vulnerability. Authentication is required to exploit the vulnerability. | ||||
| CVE-2021-35248 | 2 Microsoft, Solarwinds | 2 Windows, Orion Platform | 2024-09-16 | 6.8 Medium |
| It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings. | ||||
| CVE-2021-35215 | 1 Solarwinds | 1 Orion Platform | 2024-09-16 | 8.9 High |
| Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability. | ||||
| CVE-2022-36958 | 1 Solarwinds | 1 Orion Platform | 2024-09-16 | 8.8 High |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands. | ||||
| CVE-2022-47512 | 2 Microsoft, Solarwinds | 2 Windows, Solarwinds Platform | 2024-09-16 | 5.5 Medium |
| Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected | ||||
| CVE-2022-36966 | 1 Solarwinds | 1 Orion Platform | 2024-09-16 | 5.4 Medium |
| Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous. | ||||
| CVE-2021-35234 | 1 Solarwinds | 1 Orion Platform | 2024-09-16 | 8 High |
| Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privileges may steal password hashes and password salt information. | ||||
| CVE-2015-8220 | 1 Solarwinds | 1 Dameware Mini Remote Control | 2024-09-16 | N/A |
| Stack-based buffer overflow in the URI handler in DWRCC.exe in SolarWinds DameWare Mini Remote Control before 12.0 HotFix 1 allows remote attackers to execute arbitrary code via a crafted commandline argument in a link. | ||||
| CVE-2021-35230 | 1 Solarwinds | 1 Kiwi Cattools | 2024-09-16 | 6.7 Medium |
| As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. | ||||