104 matches found
DEBIAN-CVE-2017-18638
sendemail in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent ...
UBUNTU-CVE-2017-18638
sendemail in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent ...
PT-2019-8550 · Graphite +2
Name of the Vulnerable Software and Affected Versions: Graphite versions through 1.1.5; Graphite version 1.1.5. Description: The send email function in graphite-web/webapp/graphite/composer/views.py is vulnerable to Server-Side Request Forgery (SSRF). An attacker can use the vulnerable SSRF endpoint ...
CVE-2018-15466
A vulnerability in the Graphite web interface of the Policy and Charging Rules Function (PCRF) of Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access the Graphite web interface. The attacker would need to have access to the internal VLAN where CPS is deployed. The...
Design/Logic Flaw
A vulnerability in the Graphite web interface of the Policy and Charging Rules Function (PCRF) of Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access the Graphite web interface. The attacker would need to have access to the internal VLAN where CPS is deployed. The...
CVE-2018-15466
A vulnerability in the Graphite web interface of the Policy and Charging Rules Function (PCRF) of Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access the Graphite web interface. The attacker would need to have access to the internal VLAN where CPS is deployed. The...
CVE-2018-15466
CVE-2018-15466 describes unauthenticated access to the Graphite web interface of Cisco Policy Suite’s PCRF. The issue stems from a lack of authentication, enabling an unauthenticated, remote attacker with internal-VLAN access to directly connect to the Graphite interface and view statistics/KPIs ...
CVE-2018-15466 Cisco Policy Suite Graphite Unauthenticated Read-Only Access Vulnerability
A vulnerability in the Graphite web interface of the Policy and Charging Rules Function (PCRF) of Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access the Graphite web interface. The attacker would need to have access to the internal VLAN where CPS is deployed. The...
Cisco Policy Suite Graphite Unauthenticated Read-Only Access Vulnerability
A vulnerability in the Graphite web interface of the Policy and Charging Rules Function (PCRF) of Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access the Graphite web interface. The attacker would need to have access to the internal VLAN where CPS is deployed. The...
Graphite Web Unsafe Pickle Handling
No description provided by source.
Graphite Web Unsafe Module Handling Code Execution (CVE-2013-5093)
A command injection vulnerability has been reported in Graphite Web...
FreeBSD : py-graphite-web -- Multiple vulnerabilities (e1f99d59-81aa-4662-bf62-c1076f5016c8)
Graphite developers report: This release contains several security fixes for cross-site scripting (XSS) as well as a fix for a remote-execution exploit in graphite-web (CVE-2013-5903).
PYSEC-2013-3
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object...
CVE-2013-5093
Graphite Web (graphite-web) versions 0.9.5–0.9.10 are affected by an unsafe use of pickle in renderLocalView (render/views.py) that enables remote code execution via a crafted serialized object. Connected advisories corroborate a remote code execution vulnerability in graphite-web involving the p...
Fedora Update for graphite-web FEDORA-2013-15710
Check for the Version of graphite-web.
Fedora Update for graphite-web FEDORA-2013-15713
Check for the Version of graphite-web.
Fedora Update for graphite-web FEDORA-2013-15710
The remote host is missing an update for the...
Fedora Update for graphite-web FEDORA-2013-15713
The remote host is missing an update for the...
Fedora 19 : graphite-web-0.9.12-1.fc19 (2013-15710)
This is both an update to 0.9.12 and to address CVE-2013-5093. Correctly pull in fonts. Initial package import. Initial package import. Initial package import. Initial package import. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora securit...
Fedora 18 : graphite-web-0.9.12-1.fc18 (2013-15713)
This is both an update to 0.9.12 and to address CVE-2013-5093. Correctly pull in fonts. Initial package import. Initial package import. Initial package import. Initial package import. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora securit...