Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
horizon vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2013-6858
Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and previous versions allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page.
Openstack Horizon
Opensuse Opensuse 13.1
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 13.04
Canonical Ubuntu Linux 13.10
7.2
CVSSv2
CVE-2019-5527
ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5.
Vmware Workstation
Vmware Horizon
Vmware Remote Console
Vmware Fusion
Vmware Esxi 6.0
Vmware Esxi 6.5
Vmware Esxi 6.7
2.1
CVSSv2
CVE-2012-5474
The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package prior to 2012.1.1) is world readable and exposes the secret key value.
Redhat Openstack 2.0
Openstack Horizon
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 18
7.2
CVSSv2
CVE-2015-3650
vmware-vmx.exe in VMware Workstation 7.x up to and including 10.x prior to 10.0.7 and 11.x prior to 11.1.1, VMware Player 5.x and 6.x prior to 6.0.7 and 7.x prior to 7.1.1, and VMware Horizon Client 5.x local-mode prior to 5.4.2 on Windows does not provide a valid DACL pointer du...
Vmware Player 5.0
Vmware Player 6.0.2
Vmware Player 6.0.3
Vmware Player 5.0.1
Vmware Player 5.0.2
Vmware Player 6.0.4
Vmware Player 6.0.5
Vmware Player 6.0
Vmware Player 6.0.1
Vmware Player 7.1
Vmware Player 5.0.3
Vmware Player 5.0.4
Vmware Player 6.0.6
Vmware Player 7.0
Vmware Workstation 10.0
Vmware Workstation 10.0.1
Vmware Workstation 10.0.2
Vmware Workstation 10.0.3
Vmware Workstation 10.0.4
Vmware Workstation 11.0
Vmware Workstation 11.1
Vmware Workstation 10.0.5
6.6
CVSSv2
CVE-2017-4948
VMware Workstation (14.x prior to 14.1.0 and 12.x) and Horizon View Client (4.x prior to 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a ...
Vmware Workstation 12.5.1
Vmware Workstation 12.5.2
Vmware Workstation 12.5.3
Vmware Workstation 12.1.1
Vmware Workstation 12.5
Vmware Workstation 12.5.4
Vmware Workstation 12.5.5
Vmware Workstation 12.5.6
Vmware Workstation 12.5.7
Vmware Workstation 12.5.8
Vmware Workstation 12.0.1
Vmware Workstation 12.0.0
Vmware Workstation 14.0
Vmware Workstation 12.5.9
Vmware Workstation 12.1
Vmware Workstation 12.5.0
Vmware Horizon View
7.5
CVSSv2
CVE-2019-5544
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
Vmware Esxi 6.0
Vmware Esxi 6.5
Vmware Esxi 6.7
Vmware Horizon Daas
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Eus 7.7
Redhat Enterprise Linux Server Aus 7.7
Redhat Enterprise Linux Server Tus 7.7
Openslp Openslp 1.2.1
Openslp Openslp 2.0.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
2 Github repositories
NA
CVE-2013-6406
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-6858. Reason: This candidate is a reservation duplicate of CVE-2013-6858. Notes: All CVE users should reference CVE-2013-6858 instead of this candidate. All references and descriptions in this candidate have ...
NA
CVE-2022-1655
An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confiden...
Redhat Openstack 16.2
9.3
CVSSv2
CVE-2013-7136
The UPC Ireland Cisco EPC 2425 router (aka Horizon Box) does not have a sufficiently large number of possible WPA-PSK passphrases, which makes it easier for remote malicious users to obtain access via a brute-force attack.
Upc Ireland Cisco Epc2425 -
1 EDB exploit
4
CVSSv2
CVE-2014-0165
WordPress prior to 3.7.2 and 3.8.x prior to 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php.
Wordpress Wordpress 3.7
Wordpress Wordpress
Wordpress Wordpress 3.4.2
Wordpress Wordpress 3.4.1
Wordpress Wordpress 3.2
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.0.3
Wordpress Wordpress 2.9
Wordpress Wordpress 3.8
Wordpress Wordpress 3.8.1
Wordpress Wordpress 3.4.0
Wordpress Wordpress 3.3.3
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.0.1
Wordpress Wordpress 2.8.5.2
Wordpress Wordpress 2.8.5.1
Wordpress Wordpress 3.6.1
Wordpress Wordpress 3.6
Wordpress Wordpress 3.3.2
Wordpress Wordpress 3.3.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »