CVE-2022-36537

creationtimestamp| type| source ---|---|--- 2022-08-27 00:30:26+00:00| seen| https://t.me/cibsecurity/48923 2022-11-01 12:31:11+00:00| seen| https://t.me/thehackernews/2720 2022-12-09 12:28:21+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/3580 2022-12-09 14:25:09+00:00|...

Three Reasons Why Unification Drives Modern Data Security Strategy

Today, the necessities of business innovation compel most organizations to have several teams with diverse priorities managing dozens of data sources, all with different structures. This makes it impossible to secure complete data repositories successfully using traditional methods. This post wil...

Vulnerability fixed in Grafana Enterprise

Grafana Labs has fixed a vulnerability in Grafana Enterprise. A malicious person with the rights to create their own data source could exploit the vulnerability for a Same Site Request Forgery attack SSRF and thus gain access to sensitive data. Grafana Labs has released updates to fix the...

CVE-2022-24818

GeoTools is an open source Java library that provides tools for geospatial data. The GeoTools library has a number of data sources that can perform unchecked JNDI lookups, which in turn can be used to perform class deserialization and result in arbitrary code execution. Similar to the Log4J case,...

IBM Watson Query with Cloud Pak for Data as a Service权限提升漏洞

IBM Watson Query is a general-purpose query engine from IBM USA. It can perform distributed and virtualized queries across databases, data warehouses, data lakes and streaming data without additional manual changes, data movement or replication. IBM Watson Query with Cloud Pak for Data as a Servi...

CVE-2022-22410

IBM Watson Query with Cloud Pak for Data as a Service could allow an authenticated user to obtain sensitive information that would allow them to examine or alter system configurations or data sources connected to the service. IBM X-Force ID: 222763...

CVE-2022-22410

IBM Watson Query with Cloud Pak for Data as a Service could allow an authenticated user to obtain sensitive information that would allow them to examine or alter system configurations or data sources connected to the service. IBM X-Force ID: 222763...

Code injection

IBM Watson Query with Cloud Pak for Data as a Service could allow an authenticated user to obtain sensitive information that would allow them to examine or alter system configurations or data sources connected to the service. IBM X-Force ID: 222763...

CVE-2022-22410

IBM Watson Query with Cloud Pak for Data as a Service could allow an authenticated user to obtain sensitive information that would allow them to examine or alter system configurations or data sources connected to the service. IBM X-Force ID: 222763...

IBM Watson Query 安全漏洞

IBM Watson Query is a general-purpose query engine from IBM USA. It can perform distributed and virtualized queries across databases, data warehouses, data lakes and streaming data without additional manual changes, data movement or replication. IBM Watson Query with Cloud Pak for Data as a Servi...

CVE-2022-22410

IBM Watson Query with Cloud Pak for Data as a Service could allow an authenticated user to obtain sensitive information that would allow them to examine or alter system configurations or data sources connected to the service. IBM X-Force ID: 222763...

CVE-2021-32985

AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source of data or communication is valid...

The vulnerability of Google Chrome’s Navigation function, which allows a hacker to manipulate the URL bar content

The vulnerability of Google Chrome’s Navigation function is related to a lack of mechanisms for verifying the source of data. Exploiting this vulnerability allows a malicious actor to manipulate the URL field using a specially created HTML page...

CVE-2022-0847

creationtimestamp| type| source ---|---|--- 2022-03-07 14:34:43+00:00| seen| https://t.me/GithubRedTeam/1602 2022-03-07 15:56:02+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/1603 2022-03-07 18:39:00+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/1606 2022-03-07...

Grafana Cross-Site Scripting Vulnerability (CNVD-2022-28802)

Grafana is a set of open source monitoring tools from Grafana Labs that provides a visual monitoring interface. The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus, etc. A cross-site scripting vulnerability exists in Grafana, which stems from the product's failure to...

CVE-2022-0492

creationtimestamp| type| source ---|---|--- 2022-03-03 22:26:18+00:00| seen| https://t.me/cibsecurity/38378 2022-03-05 09:45:44+00:00| seen| https://t.me/thehackernews/1951 2022-03-05 22:52:04+00:00| seen| https://t.me/conservativejblQck1776/70982 2022-03-06 11:02:27+00:00|...

OESA-2022-1531 grafana security update

Metrics dashboard and graph editor. Security Fixes: Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token and no other user credentials will...

CVE-2022-21702

A Cross-site scripting XSS vulnerability was found in the way Grafana handles data sources. This flaw allows an attacker to serve HTML content through the Grafana data source or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site scripting...

Grafana 跨站脚本漏洞

Grafana is a set of open source monitoring tools from Grafana Labs that provides a visual monitoring interface. The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus, etc. A cross-site scripting vulnerability exists in Grafana, which stems from the product's failure to...

Grafana -- XSS

Grafana Labs reports: On Jan. 16, an external security researcher, Jasu Viding contacted Grafana to disclose an XSS vulnerability in the way that Grafana handles data sources. Should an existing data source connected to Grafana be compromised, it could be used to inappropriately gain access to...