Filtered by vendor Solarwinds
Subscriptions
Total
283 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-14007 | 1 Solarwinds | 2 Orion Network Performance Monitor, Orion Web Performance Monitor | 2024-11-21 | 5.4 Medium |
| Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert definition. | ||||
| CVE-2020-14006 | 1 Solarwinds | 2 Orion Network Performance Monitor, Orion Web Performance Monitor | 2024-11-21 | 5.4 Medium |
| Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible Team. | ||||
| CVE-2020-14005 | 1 Solarwinds | 2 Orion Network Performance Monitor, Orion Web Performance Monitor | 2024-11-21 | 8.8 High |
| Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event. | ||||
| CVE-2020-13912 | 1 Solarwinds | 1 Advanced Monitoring Agent | 2024-11-21 | 7.3 High |
| SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users to gain privileges via a Trojan horse .exe file, because everyone can write to a certain .exe file. | ||||
| CVE-2020-13169 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 9.0 Critical |
| Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. This vulnerability may lead to the Information Disclosure and Escalation of Privileges (takeover of administrator account). | ||||
| CVE-2020-12608 | 1 Solarwinds | 1 Managed Service Provider Patch Management Engine | 2024-11-21 | 7.8 High |
| An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\SolarWinds MSP\SolarWinds.MSP.CacheService\config\. This can lead to code execution by changing the CacheService.xml SISServerURL parameter. | ||||
| CVE-2020-10148 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 9.8 Critical |
| The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected. | ||||
| CVE-2019-9546 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | N/A |
| SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service. | ||||
| CVE-2019-9017 | 1 Solarwinds | 1 Dameware Mini Remote Control | 2024-11-21 | 7.5 High |
| DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the machine name. | ||||
| CVE-2019-8917 | 1 Solarwinds | 1 Orion Network Performance Monitor | 2024-11-21 | N/A |
| SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method may be abused by an attacker to execute commands as the SYSTEM user. | ||||
| CVE-2019-3980 | 1 Solarwinds | 1 Dameware Mini Remote Control | 2024-11-21 | 9.8 Critical |
| The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run under the Local System account. | ||||
| CVE-2019-3957 | 1 Solarwinds | 1 Dameware Mini Remote Control | 2024-11-21 | 7.4 High |
| Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating RsaSignatureLen during key negotiation, which could crash the application or leak sensitive information. | ||||
| CVE-2019-20002 | 1 Solarwinds | 1 Webhelpdesk | 2024-11-21 | 7.8 High |
| Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user. | ||||
| CVE-2019-19829 | 1 Solarwinds | 1 Serv-u Ftp Server | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter, a different vulnerability than CVE-2018-19934 and CVE-2019-13182. | ||||
| CVE-2019-17127 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 6.1 Medium |
| A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation. | ||||
| CVE-2019-17125 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 6.1 Medium |
| A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. | ||||
| CVE-2019-16961 | 1 Solarwinds | 1 Web Help Desk | 2024-11-21 | 5.4 Medium |
| SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name. | ||||
| CVE-2019-16960 | 1 Solarwinds | 1 Web Help Desk | 2024-11-21 | 5.4 Medium |
| SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field. | ||||
| CVE-2019-16959 | 1 Solarwinds | 1 Webhelpdesk | 2024-11-21 | 6.5 Medium |
| SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket. | ||||
| CVE-2019-16958 | 1 Solarwinds | 1 Help Desk | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help Desk 12.7.0 allows attacker to inject arbitrary web script or HTML via Location Name. | ||||