20 matches found
EUVD-2005-4893
Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graphview.php script. An authenticated user can inject arbitrary shell commands via the graphstart GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute...
Exploit for Cross-site Scripting in Misp
MISP 2.5.27 Stored XSS Exploitation Vulnerability Identifie...
EUVD-2024-27333
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-2380
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Stored XSS in graph rendering in Checkmk 2.3.0b4. CVE-2024-2380 Note that Nessus relies on the presence of the package as reported by the vendor...
CVE-2025-27793
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 5.32.0, corresponding to vega-functions prior to version 5.17.0, users running Vega/Vega-lite JSON definitions could run unexpected JavaScript code...
CVE-2024-2380
Stored XSS in graph rendering in Checkmk 2.3.0b4...
CVE-2024-2380
Stored XSS in graph rendering in Checkmk 2.3.0b4...
UBUNTU-CVE-2024-2380
Stored XSS in graph rendering in Checkmk 2.3.0b4...
CVE-2024-2380
CVE-2024-2380 affects Checkmk prior to version 2.3.0b4, with a stored XSS vulnerability in the graph rendering component. The root cause is an XSS flaw in how graphs are rendered, potentially allowing an attacker to inject script via graph data. Mitigation is to upgrade to 2.3.0b4 or later (per d...
CVE-2024-2380 XSS in graph rendering
Stored XSS in graph rendering in Checkmk 2.3.0b4...
CVE-2024-2380 XSS in graph rendering
Stored XSS in graph rendering in Checkmk 2.3.0b4...
PT-2024-20091 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.3.0b4. Description: The issue is related to stored XSS in graph rendering. Recommendations: For versions prior to 2.3.0b4, update to version 2.3.0b4 or later to resolve the issue...
jenkins: Excessive memory allocation in graph URLs leads to denial of service
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors...
jenkins: Excessive memory allocation in graph URLs leads to denial of service
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors...
jenkins: Excessive memory allocation in graph URLs leads to denial of service
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors...
Denial Of Service (DoS)
Jenkins is vulnerable to denial of service (DoS). The vulnerability exists as it does not limit sizes provided as query parameters to graph-rendering URLs...
CVE-2021-21607
The CVE-2021-21607 issue affects Jenkins 2.274 and earlier, and Jenkins LTS 2.263.1 and earlier, where graph rendering URLs do not cap the maximum graph size. This can allow crafted or user-requested URLs to exhaust memory, potentially causing Jenkins to experience out-of-memory errors (DoS). A f...
PT-2021-14650 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.274 and earlier; Jenkins LTS versions 2.263.1 and earlier. Description: The issue allows attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors. This is due to...
Fedora 25 : qt5-qtwebengine (2017-58cde32413)
This update updates QtWebEngine to the 5.9.0 release. QtWebEngine 5.9.0 is part of the Qt 5.9.0 release, but only the QtWebEngine component is included in this update. The update fixes the following security issues in QtWebEngine 5.8.0: CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009,...
Novell PlateSpin Orchestrate Graph Rendering Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell PlateSpin Orchestrate. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the application utilizes a bundled component for rendering graphs. Th...