Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
solr vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2018-8026
This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in thes...
Apache Solr
Netapp Snapcenter -
Netapp Storage Automation Store -
5.5
CVSSv3
CVE-2018-8010
This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, Xinclude functionality provided in these config files is also affected in a similar w...
Apache Solr
7.5
CVSSv3
CVE-2018-1308
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrar...
Apache Solr
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
8.8
CVSSv3
CVE-2017-15044
The default installation of DocuWare Fulltext Search server up to and including 6.11 allows remote users to connect to and download searchable text from the embedded Solr service, bypassing DocuWare's access control features of the DocuWare user interfaces and API. An attack...
Docuware Fulltext Server
7.5
CVSSv3
CVE-2017-9803
Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality (when using SecurityAwareZkACLProvider type of ACL provider e...
Apache Solr 6.2.1
Apache Solr 6.4.0
Apache Solr 6.2.0
Apache Solr 6.4.1
Apache Solr 6.5.0
Apache Solr 6.4.2
Apache Solr 6.5.1
Apache Solr 6.3.0
Apache Solr 6.6.0
9.1
CVSSv3
CVE-2017-11694
MEDHOST Document Management System contains hard-coded credentials that are used for Apache Solr access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with Apache Solr may be able to obtain or modify sensitive patient and financi...
Medhost Medhost Document Management System -
9.1
CVSSv3
CVE-2017-11693
MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and ...
Medhost Medhost Document Management System -
9.8
CVSSv3
CVE-2017-11614
MEDHOST Connex contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial informatio...
Medhost Connex -
7.5
CVSSv3
CVE-2017-7660
Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe t...
Apache Solr 5.5.2
Apache Solr 5.5.3
Apache Solr 6.3.0
Apache Solr 6.4.0
Apache Solr 5.3.1
Apache Solr 5.3.2
Apache Solr 5.5.4
Apache Solr 6.0.0
Apache Solr 6.4.1
Apache Solr 6.4.2
Apache Solr 5.4.0
Apache Solr 5.4.1
Apache Solr 6.0.1
Apache Solr 6.1.0
Apache Solr 6.5.0
Apache Solr 6.5.1
Apache Solr 5.3.0
Apache Solr 5.5.0
Apache Solr 5.5.1
Apache Solr 6.2.0
Apache Solr 6.2.1
7.8
CVSSv3
CVE-2016-6268
Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory.
Trendmicro Smart Protection Server 2.5
Trendmicro Smart Protection Server 2.6
Trendmicro Smart Protection Server 3.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »