Lucene search
K

172 matches found

NVD
NVD
added 2020/12/16 8:15 a.m.47 views

CVE-2020-35476

A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. tsd/GraphHandler.java attempted to prevent comma...

9.8CVSS9.9AI score0.8533EPSS
Exploits5References2
OSV
OSV
added 2020/12/16 8:15 a.m.32 views

CVE-2020-35476

A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. tsd/GraphHandler.java attempted to prevent comma...

9.8CVSS8AI score
Exploits0References2
Prion
Prion
added 2020/12/16 8:15 a.m.26 views

Remote code execution

A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. tsd/GraphHandler.java attempted to prevent comma...

7.5CVSS9.8AI score0.8533EPSS
Exploits5References2Affected Software1
CNNVD
CNNVD
added 2020/12/16 12:0 a.m.7 views

OpenTSDB 操作系统命令注入漏洞

OpenTSDB is a distributed, scalable time series database TSDB based on Hbase. A command execution vulnerability exists in OpenTSDB 2.4.0 and earlier versions. An attacker can exploit this vulnerability to achieve remote code execution via the yrange parameter injection command...

9.8CVSS7.9AI score0.8533EPSS
Exploits5References4
Cvelist
Cvelist
added 2020/12/16 12:0 a.m.66 views

CVE-2020-35476

A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. tsd/GraphHandler.java attempted to prevent comma...

9.9AI score0.8533EPSS
Exploits5References2
CVE
CVE
added 2020/12/16 12:0 a.m.188 views

CVE-2020-35476

OpenTSDB 2.4.0 and earlier is vulnerable to remote code execution via the yrange parameter, which writes a gnuplot file to /tmp and invokes it through mygnuplot.sh. The underlying issue is command injection not fully mitigated by tsd/GraphHandler.java, enabling an attacker to execute arbitrary co...

9.8CVSS9.7AI score0.8533EPSS
In wildExploits5References2Affected Software1
Positive Technologies
Positive Technologies
added 2020/11/18 12:0 a.m.5 views

PT-2020-6865 · Opentsdb · Opentsdb

Name of the Vulnerable Software and Affected Versions: OpenTSDB versions prior to 2.4.1 Description: A remote code execution issue occurs due to command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory, which is then executed via the...

10CVSS9.9AI score0.8533EPSS
Exploits5References14
RedHat Linux
RedHat Linux
added 2020/11/04 1:31 a.m.55 views

Moderate: Red Hat Security Advisory: grafana security, bug fix, and enhancement update

An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

6.5CVSS6.6AI score0.09619EPSS
Exploits3References11
AlmaLinux
AlmaLinux
added 2020/11/03 12:26 p.m.59 views

Moderate: grafana security, bug fix, and enhancement update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. The following packages have been upgraded to a later upstream version: grafana 6.7.4. BZ1807323 Security Fixes: grafana: XSS vulnerability via a column style on the "Dashboard Table Panel...

6.5CVSS6.4AI score0.09619EPSS
Exploits3References8
RedHat Linux
RedHat Linux
added 2020/07/01 6:46 p.m.4 views

grafana: XSS via the OpenTSDB datasource

A flaw was found in grafana Tag value XSS via the OpenTSDB datasource are possible. The highest threat from this vulnerability is to data confidentiality and integrity...

6.1CVSS7.1AI score0.0182EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2020/06/23 12:0 a.m.23 views

Fedora: Security Advisory for grafana (FEDORA-2020-e6e81a03d6)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.2CVSS7AI score0.99856EPSS
Exploits7References2
RedhatCVE
RedhatCVE
added 2020/06/17 5:24 p.m.30 views

CVE-2020-13430

A flaw was found in grafana Tag value XSS via the OpenTSDB datasource are possible. The highest threat from this vulnerability is to data confidentiality and integrity...

4.3CVSS2.5AI score0.0182EPSS
Exploits0References3
Fedora
Fedora
added 2020/06/16 1:31 a.m.34 views

[SECURITY] Fedora 32 Update: grafana-6.7.4-1.fc32

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB...

8.2CVSS1.4AI score0.99856EPSS
Exploits6
Fedora
Fedora
added 2020/06/15 2:7 a.m.38 views

[SECURITY] Fedora 31 Update: grafana-6.7.4-1.fc31

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB...

8.2CVSS1.4AI score0.99856EPSS
Exploits7
Veracode
Veracode
added 2020/05/26 5:46 a.m.37 views

Cross-Site Scripting (XSS)

github.com/grafana/grafana is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via the OpenTSDB datasource...

6.1CVSS4AI score0.0182EPSS
Exploits0References3Affected Software3
NVD
NVD
added 2020/05/24 6:15 p.m.20 views

CVE-2020-13430

Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource...

6.1CVSS6.4AI score0.0182EPSS
Exploits0References3
OSV
OSV
added 2020/05/24 6:15 p.m.30 views

CVE-2020-13430

Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource...

6.1CVSS5.6AI score
Exploits0References3
Prion
Prion
added 2020/05/24 6:15 p.m.24 views

Code injection

Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource...

4.3CVSS6.1AI score0.0182EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2020/05/24 6:15 p.m.32 views

CVE-2020-13430

Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource...

6.1CVSS6.8AI score0.0182EPSS
Exploits0References3
Cvelist
Cvelist
added 2020/05/24 5:24 p.m.29 views

CVE-2020-13430

Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource...

6.2AI score0.0182EPSS
Exploits0References3
Rows per page
Query Builder