Page 20 of 256 results (0.005 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that use these methods by returning exact HTTP request that was received in the response to the client. This may lead to the disclosure of sensitive information such as internal authentication headers appended by reverse proxies. Los métodos HTTP TRACK & TRACE estaban habilitados en Kiwi Syslog Server versiones 9.7.1 y anteriores. • https://documentation.solarwinds.com/en/success_center/kss/content/release_notes/kss_9-8_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35233 • CWE-16: Configuration •

CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0

As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Example vulnerable path: "Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Kiwi Syslog Server\Parameters\Application". Como resultado de una vulnerabilidad de ruta de servicio no citada presente en Kiwi Syslog Server Installation Wizard, un atacante local podría alcanzar privilegios escalados al insertar un ejecutable en la ruta del servicio afectado o en la entrada de desinstalación. Ejemplo de ruta vulnerable: "Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Kiwi Syslog Server\Parameters\Application" • https://documentation.solarwinds.com/en/success_center/kss/content/release_notes/kss_9-8_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35231 • CWE-428: Unquoted Search Path or Element •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Como resultado de una vulnerabilidad de ruta de servicio no citada presente en el Asistente de Instalación de Kiwi CatTools, un atacante local podría alcanzar privilegios escalados al insertar un ejecutable en la ruta del servicio afectado o en la entrada de desinstalación • https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35230 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a reflective cross site scripting attack. An attacker would need to perform a Man in the Middle attack in order to change header for a remote victim. Esta vulnerabilidad se produjo debido a una falta de saneo de la entrada para uno de los campos de salida que se extrae de los encabezados en la sección específica de la página causando un ataque de tipo cross site scripting reflectivo. Un atacante tendría que llevar a cabo un ataque de tipo Man in the Middle para cambiar el encabezado de una víctima remota • https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2021-3-7438_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35228 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure HTTPS was not available. La interfaz HTTP estaba habilitada para el plugin RabbitMQ en ARM versión 2020.2.6, y la capacidad de configurar HTTPS no estaba disponible • https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2021-4_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35227 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-502: Deserialization of Untrusted Data •