320 matches found
EUVD-2022-5501
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2018-1000816
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting XSS vulnerability in Influxdb and Graphite query editor that can result in Running...
Linux Distros Unpatched Vulnerability : CVE-2022-36640
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the...
Linux Distros Unpatched Vulnerability : CVE-2024-30896
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the...
CVE-2025-22872 affecting package influxdb for versions less than 2.7.5-5
CVE-2025-22872 affecting package influxdb for versions less than 2.7.5-5. A patched version of the package is available...
CVE-2022-36640
influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint...
CVE-2019-10329
Jenkins InfluxDB Plugin 1.21 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
Security Bulletin: IBM Security Verify Information Queue does not hide the InfluxDB credentials when setting up the logs stack (CVE-2021-20410)
Summary IBM Security Verify Information Queue ISIQ offers an optional logs stack to demonstrate logging and monitoring. The logs stack YAML file has parameters for defining an InfluxDB instance. The parameters include the InfluxDB user and password credentials. As of ISIQ v10.0.0, these credentia...
CVE-2025-22870 affecting package influxdb for versions less than 2.7.5-3
CVE-2025-22870 affecting package influxdb for versions less than 2.7.5-3. A patched version of the package is available...
CVE-2024-51744 affecting package influxdb for versions less than 2.7.5-3
CVE-2024-51744 affecting package influxdb for versions less than 2.7.5-3. A patched version of the package is available...
AZL-60479 CVE-2025-22872 affecting package influxdb for versions less than 2.7.5-5
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
📄 InfluxDB OSS 2.7.11 Privilege Escalation
InfluxDB OSS versions 2.7.11 and below suffer from a privilege escalation vulnerability. Exploit Title: InfluxDB OSS Operator Privilege Escalation via BusinessLogic Flaw Date: 22/03/2024 Exploit Author: Andrea Pasin Xenom0rph97 Researcher Homepage: https://xenom0rph97.github.io/xeno/ GitHub Explo...
InfluxDB OSS 2.7.11 - Operator Token Privilege Escalation
Exploit Title: InfluxDB OSS Operator Privilege Escalation via BusinessLogic Flaw Date: 22/03/2024 Exploit Author: Andrea Pasin Xenom0rph97 Researcher Homepage: https://xenom0rph97.github.io/xeno/ GitHub Exploit repo: https://github.com/XenoM0rph97/CVE-2024-30896 Software Link:...
CBL Mariner 2.0 Security Update: application-gateway-kubernetes-ingress / azcopy / cert-manager / cf-cli / coredns (CVE-2024-51744)
The version of application-gateway-kubernetes-ingress / azcopy / cert-manager / cf-cli / coredns installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-51744 advisory. - golang-jwt is a Go implementation...
Azure Linux 3.0 Security Update: azcopy / git-lfs / golang / influxdb / keda (CVE-2025-22870)
The version of azcopy / git-lfs / golang / influxdb / keda installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22870 advisory. - Matching of hosts against proxy patterns can improperly treat an IPv6...
CVE-2025-22870 affecting package influxdb for versions less than 2.6.1-22
CVE-2025-22870 affecting package influxdb for versions less than 2.6.1-22. A patched version of the package is available...
CVE-2024-51744 affecting package influxdb for versions less than 2.6.1-22
CVE-2024-51744 affecting package influxdb for versions less than 2.6.1-22. A patched version of the package is available...
AZL-77508 CVE-2025-30204 affecting package influxdb for versions less than 2.6.1-30
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...
AZL-77522 CVE-2025-30204 affecting package influxdb 2.7.5-10
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...
Azure Linux 3.0 Security Update: cert-manager / containerd / containerd2 / containerized-data-importer / dcos-cli / influxdb (CVE-2025-27144)
The version of cert-manager / containerd / containerd2 / containerized-data-importer / dcos-cli / influxdb installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27144 advisory. - Go JOSE provides an...