CVE-2021-31474

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Serialization library. The issue results...

CVE-2021-31474

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Serialization library. The issue results...

CVE-2021-31474

CVE-2021-31474 affects SolarWinds Network Performance Monitor 2020.2.1. The vulnerability stems from improper validation in the SolarWinds.Serialization library, enabling deserialization of untrusted data and remote code execution with SYSTEM privileges. Public sources in the connected data inclu...

CVE-2021-27240

SolarWinds Patch Manager 2020.2.1 is affected by CVE-2021-27240 due to deserialization of untrusted data in the DataGridService WCF service. The vulnerability enables local attackers who can execute low-privileged code on the target to escalate privileges to Administrator and run arbitrary code. ...

solarwinds Patch Manager 代码问题漏洞

solarwinds Patch Manager is an application from solarwinds, Inc. It is used to manage third-party software. A security vulnerability in SolarWinds Patch Manager 2020.2.1, which exists due to a lack of proper validation of user-supplied data, can be exploited by an attacker to escalate privileges...

Solarwinds SolarWinds Orion Platform 路径遍历漏洞

SolarWinds Orion Platform is a network fault and network performance management platform from SolarWinds, Inc. The platform provides real-time monitoring and analysis of network devices and supports a customizable web interface, multiple user opinions, and a mapped view of the entire network. A...

JetBrains TeamCity Improper Privilege Control Vulnerability

TeamCity is a Java-based build management and continuous integration server from JetBrains. A privilege control impropriety vulnerability exists in JetBrains TeamCity versions prior to 2020.2.1 that stems from a user being able to access another user's GitHub access token. No details of the...

CVE-2021-25778

In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly...

CVE-2021-25777

In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly...

CVE-2021-25777

In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly...

JetBrains TeamCity 安全漏洞

TeamCity is a Java-based build management and continuous integration server from JetBrains. A privilege control impropriety vulnerability exists in JetBrains TeamCity versions prior to 2020.2.1 that stems from a user being able to access another user's GitHub access token. No details of the...

JetBrains TeamCity 安全漏洞

TeamCity is a Java-based build management and continuous integration server from JetBrains. JetBrains TeamCity versions prior to 2020.2.1 are vulnerable to improper privilege checking during token deletion. No details of the vulnerability are provided at this time...

JetBrains TeamCity 安全漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains Jetbrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A security vulnerability exists in...

Actively exploited vulnerability fixed in SolarWinds Orion

SolarWinds has fixed a vulnerability in the Orion Platform. A malicious party could exploit this vulnerability to bypass authentication within the Orion API. Subsequently, the API can be used to compromise the Orion installation or underlying operating system. The vulnerability is actively...

SolarWinds Orion Platform < 2019.4 HF6 / 2020.2 < 2020.2.1 HF2 Authentication Bypass (SUPERNOVA)

The version of SolarWinds Orion Platform running on the remote host is prior to 2019.4 HF6 or 2020.2 prior to 2020.2.1 HF 2. It is, therefore, affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this, via a specially crafted web request, to bypass...

SolarWinds Issues Second Hotfix for Orion Platform Supply Chain Attack

Network monitoring services provider SolarWinds officially released a second hotfix to address a critical vulnerability in its Orion platform that was exploited to insert malware and breach public and private entities in a wide-ranging espionage campaign. In a new update posted to its advisory...

Actively exploited vulnerabilities fixed in SolarWinds Orion

SolarWinds reports active misuse of SolarWinds Orion. Through a still unknown method, a version of Orion was distributed between March and June 2020 distributed, which appears to contain a Trojan. It concerns the versions 2019.4 HF 5 through 2020.2.1. The manipulated versions are abused by...

Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.11.0 ESR) hava affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 - 2020.2.0

Summary Synthetic Playback Agent has addressed the following vulnerabilities: CVE-2020-15649, CVE-2020-15650 Vulnerability Details CVEID: CVE-2020-15649 DESCRIPTION: Mozilla Firefox could allow a remote attacker to bypass security restrictions. By persuading a victim to install a specially crafte...

SolarWinds Orion Platform Cross-Site Scripting Vulnerability (CNVD-2020-52937)

SolarWinds Orion Platform is a network fault and network performance management platform from SolarWinds, Inc. The platform provides real-time monitoring and analysis of network devices and supports a customizable web interface, multiple user opinions, and a mapped view of the entire network. A...

CVE-2020-13169

Stored XSS Cross-Site Scripting exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. This vulnerability may lead to the Information Disclosure and Escalation of Privileges takeover of administrator account...