
1041 matches found

Positive Technologies
added 2022/11/01 12:0 a.m. · 3 views

PT-2022-24077 · Unknown · Mysql Server +1

Name of the Vulnerable Software and Affected Versions: Remote Desktop Manager versions 2022.3.7 and prior
Description: The issue allows deleted users to access unauthorized data due to active database connections on MySQL data sources.
Recommendations: For Remote Desktop Manager versions 2022.3.7...

CVSS 7.5 · AI score 7.4 · EPSS 0.0053
Exploits 0 · References 3

Veracode
added 2022/10/27 3:5 a.m. · 24 views

Remote Code Execution (RCE)

linkis-entrance is vulnerable to remote code execution. The vulnerability exists in the onProgressUpdate function of QueryPersistenceManager.java, allowing an attacker to inject and execute malicious query parameters when an attacker has write access to the database and configures a JDBC EC with ...

CVSS 8.8 · AI score 8.9 · EPSS 0.01747
Exploits 0 · References 4 · Affected Software 1

Github Security Blog
added 2022/10/26 7:0 p.m. · 25 views

Apache Linkis subject to Remote Code Execution via deserialization

In Apache Linkis =1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in...

CVSS 8.8 · AI score 8.7 · EPSS 0.01747
Exploits 0 · References 3 · Affected Software 1

NVD
added 2022/10/26 4:15 p.m. · 18 views

CVE-2022-39944

In Apache Linkis =1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in...

CVSS 8.8 · EPSS 0.01747
Exploits 0 · References 1

Vulnrichment
added 2022/10/25 12:0 a.m. · 5 views

CVE-2022-39312 Dataease Mysql Data Source JDBC Connection Parameters Not Verified Leads to Deserialization Vulnerability

Dataease is an open source data visualization analysis tool. Dataease prior to 1.15.2 has a deserialization vulnerability. In Dataease, the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected. In...

CVSS 9.8 · AI score 9.8 · EPSS 0.01473
Exploits 1 · References 4

Circl
added 2022/10/14 10:29 p.m. · 4 views

CVE-2022-38671

creationtimestamp | type | source
---|---|---
2022-10-14 22:29:22+00:00 | seen | https://t.me/cibsecurity/51498...

CVSS 5.5 · AI score 5.5 · EPSS 0.00084
Exploits 0 · References 1

RedhatCVE
added 2022/10/14 5:59 a.m. · 60 views

CVE-2022-39201

A flaw was found in Grafana. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. Grafana could leak the authentication cookie of users to plugins, which could result in an impact to confidentiality, integrity, and availability...

CVSS 6.8 · AI score 4.6 · EPSS 0.01228
Exploits 0 · References 3

RedhatCVE
added 2022/10/14 5:59 a.m. · 95 views

CVE-2022-31130

A flaw was found in Grafana's use of the GitLab data source plugin, leaking the API key to gitlab. This can result in the destination plugin receiving a Grafana user's authentication token, which could be used by an attacker...

CVSS 7.5 · AI score 2.7 · EPSS 0.00964
Exploits 0 · References 3

AlpineLinux
added 2022/10/13 11:15 p.m. · 46 views

CVE-2022-39201

Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain...

CVSS 7.5 · AI score 3.1 · EPSS 0.01228
Exploits 0

OSV
added 2022/10/13 11:15 p.m. · 1 views

UBUNTU-CVE-2022-39201

Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain...

CVSS 7.5 · AI score 7.2 · EPSS 0.01228
Exploits 0 · References 6

Cvelist
added 2022/10/13 12:0 a.m. · 20 views

CVE-2022-39201 Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins

Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain...

CVSS 6.8 · AI score 7.8 · EPSS 0.01228
Exploits 0 · References 4

Cvelist
added 2022/10/13 12:0 a.m. · 21 views

CVE-2022-31130 Grafana data source and plugin proxy endpoints leaking authentication tokens to some destination plugins

Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with...

CVSS 4.9 · AI score 7.8 · EPSS 0.00964
Exploits 0 · References 4

CVE
added 2022/10/13 12:0 a.m. · 444 views

CVE-2022-39201

Grafana CVE-2022-39201 affects Grafana before patches in 8.5.14 and 9.1.8. The issue allows a destination plugin to receive a user’s Grafana authentication cookie via data source and plugin proxy endpoints under certain conditions, enabling cookie leakage. Patched in Grafana 8.5.14 and 9.1.8; oth...

CVSS 7.5 · AI score 7 · EPSS 0.01228
Exploits 0 · References 4 · Affected Software 1

Grafana
added 2022/10/12 12:0 a.m. · 2 views

Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins

Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain...

CVSS 7.5 · AI score 6.9 · EPSS 0.01228
Exploits 0

Grafana
added 2022/10/12 12:0 a.m. · 5 views

Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins

Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with...

CVSS 7.5 · AI score 7.2 · EPSS 0.00964
Exploits 0

BDU FSTEC
added 2022/10/10 12:0 a.m. · 3 views

The vulnerability of the WebDriver driver for the Mozilla Firefox browser allows a hacker to disclose protected information and execute arbitrary code.

The vulnerability of the WebDriver driver for the Mozilla Firefox browser is related to a lack of mechanisms for verifying the data source. Exploiting this vulnerability allows a malicious actor, operating remotely, to circumvent established security restrictions, disclose sensitive information,...

CVSS 4.8 · AI score 7 · EPSS 0.00231
Exploits 0 · References 5 · Affected Software 2

CNNVD
added 2022/09/30 12:0 a.m. · 3 views

Dairy Farm Shop Management System SQL injection vulnerability

Dairy Farm Shop Management System is a Dairy Farm Shop Management System by the individual developer Anuj Kumar. A SQL injection vulnerability exists in Dairy Farm Shop Management System version 1.0, which was discovered to contain an SQL injection attack via sales-report-ds.php...

CVSS 9.8 · AI score 8.6 · EPSS 0.01127
Exploits 1 · References 4

BDU FSTEC
added 2022/09/28 12:0 a.m. · 4 views

The vulnerability of the Mozilla Firefox browser, related to a lack of mechanism for verifying data sources, allows attackers to perform spear-phishing attacks.

The vulnerability of the Mozilla Firefox browser is related to a lack of mechanisms for verifying the source of data. Exploiting this vulnerability allows an attacker to perform spear-phishing attacks remotely...

CVSS 7.8 · AI score 6.8 · EPSS 0.00477
Exploits 0 · References 11 · Affected Software 4

RedhatCVE
added 2022/09/13 11:14 a.m. · 34 views

CVE-2022-34916

Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java...

CVSS 8.1 · AI score 5.6 · EPSS 0.02227
Exploits 0 · References 3

FreeBSD
added 2022/09/07 12:0 a.m. · 42 views

Grafana -- Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins

Grafana Labs reports: On September 7th as a result of an internal security audit we have discovered that Grafana could leak the authentication cookie of users to plugins. After further analysis the vulnerability impacts data source and plugin proxy endpoints under certain conditions. We believe...

CVSS 7.8 · AI score 6.4 · EPSS 0.01228
Exploits 0 · References 1