CVE Daily
← All tags

Tag: Omnissa Horizon

All CVEs associated with "Omnissa Horizon". Page 2/2 • 134 CVEs.

Subscribe CVEs: RSS for “Omnissa Horizon”  ·  RSS (High+Critical only)

About “Omnissa Horizon”

A curated feed of “Omnissa Horizon”-related CVEs appears below. We currently track 134 CVEs for this tag (all time). In the last 365 days, 5 were published. Average CVSS is 6.7 (all time; 6.8 over 365d), and 43% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-696 - Incorrect Behavior Order, CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion'), CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition.

In our taxonomy this topic maps to a LOW impact class. Virtualization and VDI management can impact many hosts at once. Patch the management plane first, restrict management networks, and verify backup or snapshot workflows. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2014-08-22
Low

CVE-2014-3594

Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators…

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2014-05-14
Medium

CVE-2013-4471

The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to chang…

CVSS: 5.5 CWE: CWE-287 - Improper Authentication View on NVD
2014-04-15
Medium

CVE-2014-0157

Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2014-01-09
High

CVE-2013-7139

SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote to execute arbitrary SQL commands via the category parameter.

CVSS: 7.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Medium

CVE-2013-7138

Directory traversal vulnerability in lib/functions/d-load.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in t…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2013-12-19
Critical

CVE-2013-7136

The UPC Ireland Cisco EPC 2425 router (aka Horizon Box) does not have a sufficiently large number of possible WPA-PSK passphrases, which makes it easier for remote attackers to obtain access via a br…

CVSS: 9.3 CWE: CWE-310 View on NVD
2013-11-23
Medium

CVE-2013-6858

Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes"…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2012-09-05
Medium

CVE-2012-3540

Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a…

CVSS: 5.8 CWE: CWE-20 - Improper Input Validation View on NVD
2012-06-05
Medium

CVE-2012-2144

Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie.

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2012-2094

Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows rem…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2010-07-25
Medium

CVE-2010-2855

Multiple SQL injection vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) YourEmail…

CVSS: 6.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Low

CVE-2010-2854

Multiple cross-site scripting (XSS) vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via…

CVSS: 2.6 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2005-06-16
High

CVE-2005-2026

Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 has a hard-coded account and password for debugging, which allows remote attackers to gain privileges.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-2027

Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does not properly restrict certain debugging commands to the ADMIN account, which could allow attackers to obtain sensitive information…

CVSS: 5.0 CWE: N/A View on NVD