Design/Logic Flaw
Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are...
CVE-2022-31123
Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are...
CVE-2022-39229 Grafana users with email as a username can block other users from signing in
Grafana is an open source data visualization platform for metrics, logs, and traces. Versions prior to 9.1.8 and 8.5.14 allow one user to block another user's login attempt by registering someone else's email address as a username. A Grafana user's username and email address are unique fields, th...
CVE-2022-31123
Grafana contains a plugin-signature verification bypass (CVE-2022-31123) due to a versioning flaw in signed/unsigned plugin handling. A local authenticated attacker could persuade a server admin to load a malicious unsigned plugin. Affected CTs: Grafana versions prior to 9.1.8 and 8.5.14. Remedia...
CVE-2022-39229
CVE-2022-39229 (Grafana) affects Grafana versions prior to 9.1.8 and 8.5.14. The issue stems from the login system allowing sign-in with either username or email while usernames and emails are unique, enabling a user to block another by registering someone else’s email as their username. Reported...
CVE-2022-39201
Grafana CVE-2022-39201 affects Grafana before patches in 8.5.14 and 9.1.8. The issue allows a destination plugin to receive a user’s Grafana authentication cookie via data source and plugin proxy endpoints under certain conditions, enabling cookie leakage. Patched in Grafana 8.5.14 and 9.1.8; oth...
CVE-2022-31130
CVE-2022-31130 affects Grafana: older Grafana releases expose authentication tokens via destination plugins, impacting data source and plugin proxy endpoints. Specifically, versions prior to 9.1.8 and 8.5.14 can leak a user’s Grafana token to a destination plugin under certain conditions; a patch...
CVE-2022-31123 Grafana plugin signature bypass vulnerability
Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are...
CVE-2022-31130 Grafana data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
Grafana is an open source observability and data visualization platform. Grafana versions prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with...
[SECURITY] Fedora 37 Update: zabbix-6.0.8-1.fc37
Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers...
Fedora: Security Advisory for zabbix (FEDORA-2022-0d56cb7ee4)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2021-44835
An issue was discovered in Active Intelligent Visualization 5. The Vdc header is used in a SQL query without being sanitized. This causes SQL injection...
SQL Injection
An issue was discovered in Active Intelligent Visualization 5. The Vdc header is used in a SQL query without being sanitized. This causes SQL injection...
CVE-2021-44835
CVE-2021-44835 affects Active Intelligent Visualization 5, where the Vdc header is used directly in SQL queries without sanitization, leading to SQL injection. The vulnerability is documented across multiple sources (NVD/NVDC/CVE lists and third-party advisories) with a reported high/critical imp...
PT-2022-12239 · Unknown · Active Intelligent Visualization
Name of the Vulnerable Software and Affected Versions: Active Intelligent Visualization version 5 Description: An issue was discovered where the Vdc header is used in a SQL query without being sanitized, causing SQL injection. Recommendations: For Active Intelligent Visualization version 5,...
AIVHUB Active Intelligent Visualization 5 SQL Injection Vulnerability
AIVHUB Active Intelligent Visualization is a powerful reporting and data visualization server from AIVHUB India. A security vulnerability exists in AIVHUB Active Intelligent Visualization 5, which stems from the use of unsanitized Vdc headers in SQL queries...
GHSA-XFHG-9PJG-XG7G VTK NULL pointer dereference vulnerability
There is a NULL pointer dereference vulnerability in VTK, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of the libxml2 API 'xmlDocGetRootElement' and tries to dereference it. This is unsafe, as the return value can be NULL and that NULL pointer dereference may...
DEBIAN-CVE-2021-42521
There is a NULL pointer dereference vulnerability in VTK before 9.2.5, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of the libxml2 API 'xmlDocGetRootElement' and tries to dereference it. This is unsafe, as the return value can be NULL and that NULL pointer...