
1047 matches found

Circl
added 2022/04/29 8:25 p.m., 5 views

CVE-2022-1403

creationtimestamp | type | source
---|---|---
2022-04-29 20:25:11+00:00 | seen | https://t.me/cibsecurity/41678...

7.8 CVSS, 7.5 AI score, 0.00801 EPSS
Exploits 0, References 1
Snyk
added 2022/04/21 8:6 a.m., 2 views

SQL Injection

Overview: blazer allows you to explore your data with SQL. Easily create charts and dashboards, and share them with your team. Affected versions of this package are vulnerable to SQL Injection by allowing specific variable values to modify the query rather than just the variable. This can...

7.5 CVSS, 7.9 AI score, 0.00833 EPSS
Exploits 0, References 2
Vulnrichment
added 2022/04/04 7:45 p.m., 4 views

CVE-2021-32985 AVEVA System Platform Origin Validation Error

AVEVA System Platform versions 2017 through 2020 R2 P01 do not properly verify that the source of data or communication is valid...

7.2 CVSS, 7 AI score, 0.00481 EPSS
Exploits 0, References 2
Circl
added 2022/04/02 2:26 a.m., 4 views

CVE-2021-32970

creationtimestamp | type | source
---|---|---
2022-04-02 02:26:06+00:00 | seen | https://t.me/cibsecurity/40048...

7.8 CVSS, 7.3 AI score, 0.01623 EPSS
Exploits 0, References 1
BDU FSTEC
added 2022/03/28 12:0 a.m., 5 views

The vulnerability of Blink’s web page display mechanism in Google Chrome browser allows attackers to expose protected information.

The vulnerability of Blink’s web page rendering mechanism in Google Chrome browsers is related to a lack of mechanisms for verifying the source of data. Exploiting this vulnerability allows a malicious actor to disclose protected information through a specially created HTML page...

7.1 CVSS, 7.1 AI score, 0.00847 EPSS
Exploits 1, References 15, Affected Software 8
BDU FSTEC
added 2022/03/28 12:0 a.m., 3 views

The vulnerability of Google Chrome’s browser password managers allows attackers to expose protected information.

The vulnerability of Google Chrome’s browser password managers is related to a lack of mechanisms for verifying the source of data. Exploiting this vulnerability allows a malicious actor to disclose sensitive information through a specially created web page...

6.1 CVSS, 7.1 AI score, 0.00739 EPSS
Exploits 1, References 13, Affected Software 8
OSV
added 2022/03/26 11:3 a.m., 2 views

OESA-2022-1599 grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB and OpenTSDB. Security Fixes: Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin prox...

6.5 CVSS, 6.2 AI score, 0.02359 EPSS
Exploits 1, References 2
Circl
added 2022/03/14 1:38 p.m., 32 views

CVE-2022-26500

creationtimestamp | type | source
---|---|---
2022-03-14 13:38:49+00:00 | seen | https://t.me/ptswarm/115
2022-03-15 17:19:30+00:00 | seen | https://t.me/cKure/9039
2022-03-16 14:51:00+00:00 | exploited | https://t.me/itsecnews/315
2022-03-17 23:21:50+00:00 | seen | https://t.me/cibsecurity/39170
2023-06-1...

8.8 CVSS, 7.5 AI score, 0.05942 EPSS
Exploits 0, References 10
OSV
added 2022/02/08 8:15 p.m., 1 views

UBUNTU-CVE-2022-21702

Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The...

6.5 CVSS, 6.8 AI score, 0.02359 EPSS
Exploits 1, References 2
UbuntuCve
added 2022/02/08 8:15 p.m., 26 views

CVE-2022-21702

Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The...

6.5 CVSS, 6.9 AI score, 0.02359 EPSS
Exploits 1, References 1
CVE
added 2022/02/08 7:40 p.m., 1046 views

CVE-2022-21702

Grafana CVE-2022-21702 is an XSS vulnerability in the data source proxy and plugin proxy paths. Affected: Grafana HTTP-based datasources configured with Server as Access Mode and a URL, and HTTP-based app plugins configured with a URL (versions up to 8.3.4; back-end plugin resources also mentione...

6.5 CVSS, 6.5 AI score, 0.02359 EPSS
Exploits 1, References 7, Affected Software 1
RedHat Linux
added 2022/02/08 12:52 p.m., 3 views

log4j-core: remote code execution via JDBC Appender

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a dat...

8.5 CVSS, 7.5 AI score, 0.97906 EPSS
Exploits 9, References 5
RedHat Linux
added 2022/01/20 6:55 p.m., 1 views

log4j-core: remote code execution via JDBC Appender

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a dat...

8.5 CVSS, 7.5 AI score, 0.97906 EPSS
Exploits 9, References 5
RedHat Linux
added 2022/01/20 6:54 p.m., 0 views

log4j-core: remote code execution via JDBC Appender

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a dat...

8.5 CVSS, 7.5 AI score, 0.97906 EPSS
Exploits 9, References 5
RedHat Linux
added 2022/01/20 12:12 p.m., 2 views

log4j-core: remote code execution via JDBC Appender

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a dat...

8.5 CVSS, 7.5 AI score, 0.97906 EPSS
Exploits 9, References 5
RedHat Linux
added 2022/01/20 9:26 a.m., 3 views

log4j-core: remote code execution via JDBC Appender

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a dat...

8.5 CVSS, 7.5 AI score, 0.97906 EPSS
Exploits 9, References 5
Veracode
added 2022/01/20 8:41 a.m., 35 views

Information Disclosure

github.com/grafana/grafana is vulnerable to information disclosure. When the forward auth identity is enabled, the library sends the OAuth identity of the most recently logged-in user when sending a query to the data source, allowing an attacker to retrieve sensitive data from the most recently...

4.3 CVSS, 3.8 AI score, 0.02013 EPSS
Exploits 0, References 10, Affected Software 9
Amazon
added 2022/01/20 12:0 a.m., 99 views

Medium: aws-kinesis-agent

Issue Overview: Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC...

8.5 CVSS, 9.1 AI score, 0.97906 EPSS
Exploits 9
IBM Security Bulletins
added 2022/01/19 2:51 a.m., 136 views

Security Bulletin: Due to the use of Apache Log4j, IBM Spectrum Symphony is vulnerable to arbitrary code execution (CVE-2021-44832 and CVE-2021-45046) and denial of service (CVE-2021-45105)

Summary: Apache Log4j is used by IBM Spectrum Symphony for generating logs in some of its components such as ELK, GUI and so on. This bulletin provides interim fixes which include Apache Log4j 2.17.1 to fix arbitrary code execution (CVE-2021-44832 and CVE-2021-45046) and denial of service...

10 CVSS, 1.3 AI score, 0.99999 EPSS
Exploits 352, Affected Software 1
OpenVAS
added 2022/01/19 12:0 a.m., 32 views

Grafana OAuth Identity Token Vulnerability (GHSA-8wjh-59cw-9xh4)

Grafana is prone to a vulnerability in the OAuth identity token.

4.3 CVSS, 6.2 AI score, 0.02013 EPSS
Exploits 0, References 1