Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
solarwinds vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-15576
SolarWinds Serv-U File Server prior to 15.2.1 allows information disclosure via an HTTP response.
Solarwinds Serv-u
7.5
CVSSv3
CVE-2022-47012
Use of uninitialized variable in function gen_eth_recv in GNS3 dynamips 0.2.21.
Solarwinds Dynamips 0.2.21
9.8
CVSSv3
CVE-2021-25274
The Collector Service in SolarWinds Orion Platform prior to 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process....
Solarwinds Orion Platform
1 Article
7.8
CVSSv3
CVE-2021-25275
SolarWinds Orion Platform prior to 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can ...
Solarwinds Orion Platform
1 Github repository
5.4
CVSSv3
CVE-2019-16955
SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request.
Solarwinds Webhelpdesk 12.7.0
5.4
CVSSv3
CVE-2019-16957
SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account.
Solarwinds Webhelpdesk 12.7.0
6.5
CVSSv3
CVE-2019-16959
SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket.
Solarwinds Webhelpdesk 12.7.0
7.8
CVSSv3
CVE-2022-47505
The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges.
Solarwinds Orion Platform
6.1
CVSSv3
CVE-2022-47509
The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject HTML.
Solarwinds Orion Platform
9.8
CVSSv3
CVE-2020-35481
SolarWinds Serv-U prior to 15.2.2 allows Unauthenticated Macro Injection.
Solarwinds Serv-u
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »