892 matches found
SUSE CVE-2016-2800
The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font,...
SUSE CVE-2016-2801
The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted...
SUSE CVE-2016-2802
The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite...
SUSE CVE-2017-5436
An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox...
SUSE CVE-2017-7773
Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor...
SUSE CVE-2017-7776
Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph...
SUSE CVE-2017-7778
A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird...
SUSE CVE-2017-18638
sendemail in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent ...
SUSE CVE-2018-7999
In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ttf file...
SUSE CVE-2018-1000816
Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting (XSS) vulnerability in Influxdb and Graphite query editor that can result in running arbitrary JS code in the victim's browser. This attack appears to be exploitable via: an authenticated user must click on the input field where t...
SUSE CVE-2019-7616
Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer. An attacker with administrative Kibana access could set the timelion:graphite.url configuration option to an arbitrary URL. This could possibly lead to an...
Debian: Security Advisory (DLA-3309-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 3309-1] graphite-web security update
Debian LTS Advisory DLA-3309-1, https://www.debian.org/lts/security/, Chris Lamb, February 06, 2023, https://wiki.debian.org/LTS -...
Debian dla-3309 : graphite-web - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3309 advisory. Debian LTS Advisory DLA-3309-1...
DLA-3309-1 graphite-web - security update
Bulletin has no description...
CVE-2022-4730
A flaw was found in the graphite-web package. Affected versions of this package are vulnerable to Cross-site scripting...
CVE-2022-4729
A flaw was found in the graphite-web package. Affected versions of this package are vulnerable to Cross-site scripting...
CVE-2022-4728
A flaw was found in the graphite-web package. Affected versions of this package are vulnerable to Cross-site scripting...
Cross-site Scripting (XSS)
graphite-web is vulnerable to cross-site scripting. The vulnerability exists because the views.py does not properly escape the template name attribute before being rendered, allowing an attacker to inject and execute malicious JavaScript...
Cross-site Scripting (XSS)
graphite-web is vulnerable to cross-site scripting. The vulnerability exists because the updateTimeRange function of dashboard.js does not properly escape the Absolute Time Range values before being rendered, allowing an attacker to inject and execute malicious JavaScript...