Grafana < 8.5.22 Cross-site Scripting

According to its self-reported version, the Grafana install hosted on the remote host is earlier than 8.5.22, or earlier than 9.2.15, or earlier than 9.3.11. It is, therefore, affected by a cross-site scripting vulnerability. Note that the scanner has not tested for these issues but has instead...

UBUNTU-CVE-2023-1410

Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized. An attacker needs to have contro...

Stored XSS in Graphite FunctionDescription tooltip

Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized. An attacker needs to have contro...

Drupal Multiple Vulnerabilities in Third-party Library (SA-CORE-2022-005) - Windows

Drupal is prone to multiple vulnerabilities in a third-party library. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

Vulnerabilities fixed in Drupal

Vulnerabilities have been fixed in CKEditor as used by Drupal. The vulnerability with reference CVE-2022-24728 can be exploited to perform a cross-site scripting attack. The vulnerability with attribute CVE-2022-24729 allows a malicious additionally able to cause a denial-of-service that is limit...

CVE-2020-9318

Red Gate SQL Monitor 9.0.13 through 9.2.14 allows an administrative user to perform a SQL injection attack by configuring the SNMP alert settings in the UI. This is fixed in 9.2.15...

Sql injection

Red Gate SQL Monitor 9.0.13 through 9.2.14 allows an administrative user to perform a SQL injection attack by configuring the SNMP alert settings in the UI. This is fixed in 9.2.15...

PostgreSQL Multiple Vulnerabilities (Mar 2015) - Linux

PostgreSQL is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:postgresql:postgresql";...

postgresql security update

CentOS Errata and Security Advisory CESA-2016:0346 Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score,...

Code injection

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings GUCS for PL/Java, which allows attackers to gain privileges via unspecified vectors...

CVE-2016-0766

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings GUCS for PL/Java, which allows attackers to gain privileges via unspecified vectors...