Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
solr vulnerabilities and exploits
(subscribe to this query)
188
VMScore
CVE-2018-8026
This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in thes...
Apache Solr
Netapp Snapcenter -
Netapp Storage Automation Store -
187
VMScore
CVE-2018-8010
This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, Xinclude functionality provided in these config files is also affected in a similar w...
Apache Solr
445
VMScore
CVE-2018-1308
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrar...
Apache Solr
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
578
VMScore
CVE-2017-15044
The default installation of DocuWare Fulltext Search server up to and including 6.11 allows remote users to connect to and download searchable text from the embedded Solr service, bypassing DocuWare's access control features of the DocuWare user interfaces and API. An attack...
Docuware Fulltext Server
534
VMScore
CVE-2017-9803
Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality (when using SecurityAwareZkACLProvider type of ACL provider e...
Apache Solr 6.2.1
Apache Solr 6.4.0
Apache Solr 6.2.0
Apache Solr 6.4.1
Apache Solr 6.5.0
Apache Solr 6.4.2
Apache Solr 6.5.1
Apache Solr 6.3.0
Apache Solr 6.6.0
570
VMScore
CVE-2017-11693
MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and ...
Medhost Medhost Document Management System -
570
VMScore
CVE-2017-11694
MEDHOST Document Management System contains hard-coded credentials that are used for Apache Solr access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with Apache Solr may be able to obtain or modify sensitive patient and financi...
Medhost Medhost Document Management System -
668
VMScore
CVE-2017-11614
MEDHOST Connex contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial informatio...
Medhost Connex -
445
VMScore
CVE-2017-7660
Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe t...
Apache Solr 5.5.2
Apache Solr 5.5.3
Apache Solr 6.3.0
Apache Solr 6.4.0
Apache Solr 5.3.1
Apache Solr 5.3.2
Apache Solr 5.5.4
Apache Solr 6.0.0
Apache Solr 6.4.1
Apache Solr 6.4.2
Apache Solr 5.4.0
Apache Solr 5.4.1
Apache Solr 6.0.1
Apache Solr 6.1.0
Apache Solr 6.5.0
Apache Solr 6.5.1
Apache Solr 5.3.0
Apache Solr 5.5.0
Apache Solr 5.5.1
Apache Solr 6.2.0
Apache Solr 6.2.1
641
VMScore
CVE-2016-6268
Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory.
Trendmicro Smart Protection Server 2.5
Trendmicro Smart Protection Server 2.6
Trendmicro Smart Protection Server 3.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000
CVE-2024-4439
unauthorized
CVE-2024-0042
CVE-2024-31848
CVE-2023-40694
cache poisoning
CVE-2024-23707
firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »