Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
horizon vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-40313
A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon ...
Opennms Horizon
Opennms Meridian
8.8
CVSSv3
CVE-2021-25931
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to CSRF, due to no CSR...
Opennms Horizon
Opennms Meridian
8.8
CVSSv3
CVE-2021-3396
OpenNMS Meridian 2016, 2017, 2018 prior to 2018.1.25, 2019 prior to 2019.1.16, and 2020 prior to 2020.1.5, Horizon 1.2 up to and including 27.0.4, and Newts <1.5.3 has Incorrect Access Control, which allows local and remote code execution using JEXL expressions.
Opennms Newts
Opennms Horizon
Opennms Meridian
8.8
CVSSv3
CVE-2020-12760
An issue exists in OpenNMS Horizon prior to 26.0.1, and Meridian prior to 2018.1.19 and 2019 prior to 2019.1.7. The ActiveMQ channel configuration allowed for arbitrary deserialization of Java objects (aka ActiveMQ Minion payload deserialization), leading to remote code execution...
Opennms Opennms Horizon
Opennms Opennms Meridian
8.8
CVSSv3
CVE-2019-5527
ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5.
Vmware Workstation
Vmware Horizon
Vmware Remote Console
Vmware Fusion
Vmware Esxi 6.0
Vmware Esxi 6.5
Vmware Esxi 6.7
8.8
CVSSv3
CVE-2018-6960
VMware Horizon DaaS (7.x prior to 8.0.0) contains a broken authentication vulnerability that may allow an malicious user to bypass two-factor authentication. Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.
Vmware Horizon Daas
8.6
CVSSv3
CVE-2020-3944
vRealize Operations for Horizon Adapter (6.7.x before 6.7.1 and 6.6.x before 6.6.1) has an improper trust store configuration leading to authentication bypass. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may ...
Vmware Vrealize Operations
8.1
CVSSv3
CVE-2020-11886
OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList.htm (aka the NodeListController) via snmpParm or snmpParmValue to addCriteriaForSnmpParm. This affects Horizon prior to 25.2.1, Meridian 2019 prior to 2019.1.4, Meridian 2018 prior to 2018.1.16, and Meridian 20...
Opennms Horizon
Opennms Meridian
8
CVSSv3
CVE-2023-40612
In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLE_FILESYSTEM_EDITOR privileges is vulnerable to XXE injection attacks. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Hori...
Opennms Horizon
Opennms Meridian
8
CVSSv3
CVE-2023-40315
In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLE_FILESYSTEM_EDITOR can easily escalate their privileges to ROLE_ADMIN or any other role. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer....
Opennms Horizon
Opennms Meridian
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »