Graphite Security Vulnerabilities
Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target...
7.8CVSS
8AI Score
0.001EPSS
Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target...
7.8CVSS
8AI Score
0.001EPSS
Ashlar-Vellum Graphite VC6 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the.....
7.8CVSS
8.1AI Score
0.001EPSS
In Ashlar-Vellum Graphite v13.0.48, the affected application lacks proper validation of user-supplied data when parsing VC6 files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current...
7.8CVSS
7.8AI Score
0.001EPSS
In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share v12 SP0 Build (1204.77), the affected applications lack proper validation of user-supplied data when parsing XE files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code....
7.8CVSS
7.8AI Score
0.001EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rocket Apps Open Graphite plugin <= 1.6.0...
7.1CVSS
6AI Score
0.0005EPSS
A vulnerability has been found in Graphite Web and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.....
5.4CVSS
5.4AI Score
0.001EPSS
A vulnerability was found in Graphite Web and classified as problematic. This issue affects some unknown processing of the component Template Name Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be.....
5.4CVSS
5.3AI Score
0.001EPSS
A vulnerability was found in Graphite Web. It has been classified as problematic. Affected is an unknown function of the component Absolute Time Range Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public....
5.4CVSS
5.3AI Score
0.001EPSS
Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remote_storage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than...
7.5AI Score
0.969EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Graphite before 0.9.11 allow remote attackers to inject arbitrary web script or HTML via unspecified...
5.7AI Score
0.001EPSS
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized...
7.3AI Score
0.969EPSS
send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent.....
7.5CVSS
7.2AI Score
0.008EPSS