Filtered by vendor Solarwinds
Subscribe
Total
253 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12608 | 1 Solarwinds | 1 Managed Service Provider Patch Management Engine | 2020-05-15 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\SolarWinds MSP\SolarWinds.MSP.CacheService\config\. This can lead to code execution by changing the CacheService.xml SISServerURL parameter. | |||||
| CVE-2020-5734 | 1 Solarwinds | 1 Dameware | 2020-04-07 | 4.3 MEDIUM | 7.5 HIGH |
| Classic buffer overflow in SolarWinds Dameware allows a remote, unauthenticated attacker to cause a denial of service by sending a large 'SigPubkeyLen' during ECDH key exchange. | |||||
| CVE-2019-12954 | 1 Solarwinds | 2 Network Performance Monitor Orion Platform 2018 Netpath, Network Performance Monitor Orion Platform 2018 Npm | 2020-02-28 | 3.5 LOW | 5.4 MEDIUM |
| SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT. | |||||
| CVE-2020-7984 | 1 Solarwinds | 1 N-central | 2020-02-05 | 5.0 MEDIUM | 7.5 HIGH |
| SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any aspects of the agent/appliance configuration. | |||||
| CVE-2019-17125 | 1 Solarwinds | 1 Orion Platform | 2020-01-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. | |||||
| CVE-2019-17127 | 1 Solarwinds | 1 Orion Platform | 2020-01-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation. | |||||
| CVE-2013-3249 | 1 Solarwinds | 1 Dameware Remote Support | 2020-01-10 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the "Add from text file" feature in the DameWare Exporter tool (DWExporter.exe) in DameWare Remote Support 10.0.0.372, 9.0.1.247, and earlier allows user-assisted attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2019-19829 | 1 Solarwinds | 1 Serv-u Ftp Server | 2019-12-23 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter, a different vulnerability than CVE-2018-19934 and CVE-2019-13182. | |||||
| CVE-2019-13182 | 1 Solarwinds | 1 Serv-u Ftp Server | 2019-12-18 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Server 15.1.7. | |||||
| CVE-2015-8220 | 1 Solarwinds | 1 Dameware Mini Remote Control | 2019-10-22 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the URI handler in DWRCC.exe in SolarWinds DameWare Mini Remote Control before 12.0 HotFix 1 allows remote attackers to execute arbitrary code via a crafted commandline argument in a link. | |||||
| CVE-2018-15906 | 1 Solarwinds | 1 Serv-u Ftp Server | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file. | |||||
| CVE-2018-16791 | 1 Solarwinds | 1 Sftp\/scp Server | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an attacker to determine passwords for potentially privileged accounts. This also grants the attacker an ability to backdoor the server. | |||||
| CVE-2017-7647 | 1 Solarwinds | 1 Log \& Event Manager | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands. | |||||
| CVE-2017-5198 | 1 Solarwinds | 1 Log And Event Manager | 2019-10-03 | 7.2 HIGH | 8.8 HIGH |
| SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo configuration, which allows local users to obtain root access by editing /usr/local/contego/scripts/hostname.sh. | |||||
| CVE-2017-5199 | 1 Solarwinds | 1 Log And Event Manager | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl. | |||||
| CVE-2018-19386 | 1 Solarwinds | 1 Database Performance Analyzer | 2019-08-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI. | |||||
| CVE-2018-13442 | 1 Solarwinds | 1 Network Performance Monitor | 2019-07-18 | 6.5 MEDIUM | 8.8 HIGH |
| SolarWinds Network Performance Monitor 12.3 allows SQL Injection via the /api/ActiveAlertsOnThisEntity/GetActiveAlerts TriggeringObjectEntityNames parameter. | |||||
| CVE-2018-12897 | 1 Solarwinds | 1 Dameware Mini Remote Control | 2019-07-16 | 4.6 MEDIUM | 7.8 HIGH |
| SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer Overflow. | |||||
| CVE-2018-19999 | 1 Solarwinds | 1 Serv-u Ftp Server | 2019-06-10 | 7.2 HIGH | 7.8 HIGH |
| The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls that permit local users to bypass authentication in the application and execute code in the context of the Windows SYSTEM account, leading to privilege escalation. To exploit this vulnerability, an attacker must have local access the the host running Serv-U, and a Serv-U administrator have an active management console session. | |||||
| CVE-2018-19934 | 1 Solarwinds | 1 Serv-u Ftp Server | 2019-03-25 | 3.5 LOW | 4.8 MEDIUM |
| SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter. | |||||