opennms horizon
51 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-40314
< 32.0.5
Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidenti
5.8
MEDIUM
CVE-2023-40612
>= 31.0.8 and < 32.0.2
In OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLE_FILESYSTEM_E
5.3
MEDIUM
CVE-2022-45582
>= 19.4.0 and <= 20.1.4
Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter.
6.1
MEDIUM
CVE-2023-40315
>= 31.0.8 and < 32.0.2
In OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLE_FILESYSTEM_ED
5.3
MEDIUM
CVE-2023-40313
< 32.0.2
A BeanShell interpreter in remote server mode runs in OpenNMS Horizon versions earlier than 32.0.2 and in related Meridian version
7.1
HIGH
CVE-2023-40312
>= 31.0.8 and < 32.0.2
Multiple reflected XSS were found on different JSP files with unsanitized parameters in OpenNMS Horizon 31.0.8 and versions earlie
6.7
MEDIUM
CVE-2023-40311
>= 31.0.8 and < 32.0.2
Multiple stored XSS were found on different JSP files with unsanitized parameters in OpenNMS Horizon 31.0.8 and versions earlier t
6.7
MEDIUM
CVE-2023-0872
>= 31.0.8 and < 32.0.2
The Horizon REST API includes a users endpoint in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is
8.2
HIGH
CVE-2023-0871
>= 32.0.0 and < 32.0.2
XXE injection in /rtc/post/ endpoint in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerab
5.4
MEDIUM
CVE-2023-0870
< 31.0.6
A form can be manipulated with cross-site request forgery in multiple versions of OpenNMS Meridian and Horizon. This can potential
8.1
HIGH
CVE-2023-0869
< 31.0.4
Cross-site scripting in outage/list.htm in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confiden
5.8
MEDIUM
CVE-2023-0868
< 31.0.4
Reflected cross-site scripting in graph results in multiple versions of OpenNMS Meridian and Horizon could allow an attacker acces
6.7
MEDIUM
CVE-2023-0867
< 31.0.4
Multiple stored and reflected cross-site scripting vulnerabilities in webapp jsp pages in multiple versions of OpenNMS Meridian an
6.7
MEDIUM
CVE-2023-0815
< 31.0.4
Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow
6.8
MEDIUM
CVE-2023-0846
< 31.0.4
Unauthenticated, stored cross-site scripting in the display of alarm reduction keys in multiple versions of OpenNMS Horizon and M
6.7
MEDIUM
CVE-2014-125078
< 2014-07-08
A vulnerability was found in yanheven console and classified as problematic. Affected by this issue is some unknown functionality
3.5
LOW
CVE-2022-22964
< 2203
VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to
7.8
HIGH
CVE-2022-22962
< 2203
VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default share
7.8
HIGH
CVE-2022-22938
>= 5.0.0 and < 5.5.3
VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contains a denial-of-service vulnera
6.5
MEDIUM
CVE-2021-25935
>= 17.0.0 and <= 27.1.0
In OpenNMS Horizon, versions opennms-17.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1
5.4
MEDIUM
CVE-2021-25934
>= 18.0.0 and <= 27.1.0
In OpenNMS Horizon, versions opennms-18.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1
5.4
MEDIUM
CVE-2021-25933
>= 1.0 and < 27.1.1
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-
4.8
MEDIUM
CVE-2021-25931
>= 1.0 and < 27.1.1
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-
8.8
HIGH
CVE-2021-25929
>= 1.0 and < 27.1.1
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-
4.8
MEDIUM
CVE-2021-25930
>= 1.0 and < 27.1.1
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-
4.3
MEDIUM
CVE-2021-3396
>= 16.0.0 and <= 27.0.3
OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1.16, and 2020 before 2020.1.5, Horizon 1.2 through 27.0.4, a
8.8
HIGH
CVE-2020-29565
>= 15.3.0 and < 15.3.2
An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. T
6.1
MEDIUM
CVE-2020-3997
>= 7.0 and < 7.10.3
VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. Successful exploitation
5.4
MEDIUM
CVE-2020-11886
< 25.2.1
OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList.htm (aka the NodeListController) via snmpParm or snmpParmVal
8.1
HIGH
CVE-2012-5476
all versions
Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable wh
5.5
MEDIUM
CVE-2012-5474
>= 2012.1 and < 2012.1.1
The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horiz
5.5
MEDIUM
CVE-2019-5527
< 5.2.0
ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has
8.8
HIGH
CVE-2019-5513
>= 6.0.0 and < 6.2.8
VMware Horizon Connection Server (7.x before 7.8, 7.5.x before 7.5.2, 6.x before 6.2.8) contains an information disclosure vulnera
5.3
MEDIUM
CVE-2017-7400
all versions
OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS att
4.8
MEDIUM
CVE-2016-4428
>= 8.0.0 and <= 8.0.1
Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote
5.4
MEDIUM
CVE-2015-3219
all versions
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.
CVE-2015-3988
all versions
Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to
CVE-2014-8124
>= 2014.1 and < 2014.1.3
OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a d
CVE-2014-8578
>= 2013.2 and < 2013.2.4
Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.
CVE-2014-3475
>= 2013.2 and < 2013.2.4
Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.
CVE-2014-3474
>= 2013.2 and < 2013.2.4
Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStac
CVE-2014-3473
>= 2013.2 and < 2013.2.4
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Da
CVE-2014-3594
>= 2013.2 and < 2013.2.4
Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1
CVE-2013-4471
>= 2013.1 and < 2013.2
The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not require the current password when changing passwords f
CVE-2014-0157
all versions
Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before
CVE-2013-6858
>= 2013.1 and <= 2013.2
Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to injec
CVE-2012-3542
all versions
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an
CVE-2012-3540
all versions
Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redi
CVE-2012-3426
all versions
OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement t
CVE-2012-2144
all versions
Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions
CVE-2012-2094
all versions
Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in Ope
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin