The vulnerability in the graphite2::Silf::readGraphite function of the Graphite library for Mozilla Firefox and Mozilla Firefox ESR browsers allows an attacker to cause a service failure or execute arbitrary code.

The vulnerability of graphite2::Silf::readGraphite in the Graphite 2 library for Mozilla Firefox and Mozilla Firefox ESR browsers relates to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a service failure or execute arbitrary cod...

The vulnerability of the lz4::decompress function in the Graphite library used by Mozilla Firefox and Mozilla Firefox ESR browsers allows a hacker to cause a service failure or execute arbitrary code.

The vulnerability of the lz4::decompress function in the Graphite library used by Mozilla Firefox and Mozilla Firefox ESR browsers is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service...

Denial Of Service (DoS)

firefox is vulnerable to denial of service DoS attacks. The vulnerability exists as the TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote...

CVE-2018-15466

A vulnerability in the Graphite web interface of the Policy and Charging Rules Function PCRF of Cisco Policy Suite CPS could allow an unauthenticated, remote attacker to access the Graphite web interface. The attacker would need to have access to the internal VLAN where CPS is deployed. The...

Design/Logic Flaw

A vulnerability in the Graphite web interface of the Policy and Charging Rules Function PCRF of Cisco Policy Suite CPS could allow an unauthenticated, remote attacker to access the Graphite web interface. The attacker would need to have access to the internal VLAN where CPS is deployed. The...

CVE-2018-15466

A vulnerability in the Graphite web interface of the Policy and Charging Rules Function PCRF of Cisco Policy Suite CPS could allow an unauthenticated, remote attacker to access the Graphite web interface. The attacker would need to have access to the internal VLAN where CPS is deployed. The...

CVE-2018-15466 Cisco Policy Suite Graphite Unauthenticated Read-Only Access Vulnerability

A vulnerability in the Graphite web interface of the Policy and Charging Rules Function PCRF of Cisco Policy Suite CPS could allow an unauthenticated, remote attacker to access the Graphite web interface. The attacker would need to have access to the internal VLAN where CPS is deployed. The...

CVE-2018-15466

CVE-2018-15466 describes unauthenticated access to the Graphite web interface of Cisco Policy Suite’s PCRF. The issue stems from a lack of authentication, enabling an unauthenticated, remote attacker with internal-VLAN access to directly connect to the Graphite interface and view statistics/KPIs ...

Cisco Policy Suite Access Control Error Vulnerability

Cisco Policy Suite CPS is the United States Cisco Cisco company's set of next-generation policy management solutions. The program provides user-based business rules, applications and real-time management of network resources and other functions. policy and Charging Rules Function PCRF is one of t...

Cisco Policy Suite Graphite Unauthenticated Read-Only Access Vulnerability

A vulnerability in the Graphite web interface of the Policy and Charging Rules Function PCRF of Cisco Policy Suite CPS could allow an unauthenticated, remote attacker to access the Graphite web interface. The attacker would need to have access to the internal VLAN where CPS is deployed. The...

CVE-2018-1000816

Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting XSS vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. This attack appear to be exploitable via Authenticated user must click on the input field where t...

Cross-Site Scripting (XSS)

github.com/grafana/grafana is susceptible to cross-site scripting XSS. The vulnerability is possible because it does not escape the typeahead values in metric segment, query part and sql part in Influxdb and Graphite query editor...

CVE-2018-1000816

Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting XSS vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. This attack appear to be exploitable via Authenticated user must click on the input field where t...

Cross site scripting

Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting XSS vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. This attack appear to be exploitable via Authenticated user must click on the input field where t...

CVE-2018-1000816

Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting XSS vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. This attack appear to be exploitable via Authenticated user must click on the input field where t...

CVE-2018-1000816

Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting XSS vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. This attack appear to be exploitable via Authenticated user must click on the input field where t...

UBUNTU-CVE-2018-1000816

Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting XSS vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. This attack appear to be exploitable via Authenticated user must click on the input field where t...

CVE-2018-1000816

Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting XSS vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. This attack appear to be exploitable via Authenticated user must click on the input field where t...

CVE-2018-1000816

Grafana (versions 5.2.4 and 5.3.0) has an XSS vulnerability in the InfluxDB and Graphite query editor that can execute arbitrary JavaScript in a victim’s browser. Exploitation requires an authenticated user to click in the input field containing the payload; no remediation or patch details are pr...

Security Bulletin: Vulnerabilities in Graphite2 affect PowerKVM

Summary PowerKVM is affected by vulnerabilities in the Graphite 2 Library. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2017-7778 DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write i...