CVE-2022-35942 loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter

Improper input validation on the contains LoopBack filter may allow for arbitrary SQL injection. When the extended filter property contains is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of data...

GHSA-J259-6C58-9M58 loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter

Improper input validation on the contains LoopBack filter may allow for arbitrary SQL injection. Impact When the extended filter property contains is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of...

loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter

Improper input validation on the contains LoopBack filter may allow for arbitrary SQL injection. Impact When the extended filter property contains is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of...

PT-2022-23048 · Loopback +1 · Loopback +1

Name of the Vulnerable Software and Affected Versions: LoopBack versions prior to 5.5.1 Description: Improper input validation on the contains LoopBack filter may allow for arbitrary SQL injection. When the extended filter property contains is permitted to be interpreted by the Postgres connector...

io.dataease:dataease-plugin-datasource (>=1.10.0 <=1.11.1), io.dataease:dataease-plugin-interface (>=1.0 <=1.11.1) +1 more potentially affected by CVE-2022-34115 via io.dataease:dataease-plugin-common (>=1.0 <=1.11.1)

io.dataease:dataease-plugin-common MAVEN version =1.0, =1.10.0, =1.0, =1.10.0, =1.11.1 Source cves: CVE-2022-34115 Source advisory: OSV:GHSA-VJMR-6PMM-RPRF...

io.dataease:dataease-plugin-datasource (>=1.10.0 <=1.11.1), io.dataease:dataease-plugin-interface (>=1.0 <=1.11.1) +1 more potentially affected by CVE-2022-34114 via io.dataease:dataease-plugin-common (>=1.0 <=1.11.1)

io.dataease:dataease-plugin-common MAVEN version =1.0, =1.10.0, =1.0, =1.10.0, =1.11.1 Source cves: CVE-2022-34114 Source advisory: OSV:GHSA-HMVW-66JM-H9FH...

io.dataease:dataease-plugin-datasource (>=1.10.0 <=1.11.1), io.dataease:dataease-plugin-interface (>=1.0 <=1.11.1) +1 more potentially affected by CVE-2022-34113 via io.dataease:dataease-plugin-common (>=1.0 <=1.11.1)

io.dataease:dataease-plugin-common MAVEN version =1.0, =1.10.0, =1.0, =1.10.0, =1.11.1 Source cves: CVE-2022-34113 Source advisory: OSV:GHSA-5469-C5P2-XV5G...

Malicious code in upwork-atlas-datasource (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ef31b105d745aff3f04709c1ee435b5930984fc9925c235afc43c747d1e15c22 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-6817 Malicious code in upwork-atlas-datasource (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ef31b105d745aff3f04709c1ee435b5930984fc9925c235afc43c747d1e15c22 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in epam-timebase-datasource (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7e389d1581bb6ede792d133845ef606c250129ff5917376a70ae4396c6cc51d0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-2764 Malicious code in epam-timebase-datasource (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7e389d1581bb6ede792d133845ef606c250129ff5917376a70ae4396c6cc51d0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in paytm-kapacitor-simplejson-datasource (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 84649341022644835524ed653b8d6c2d04fe565ff315c3fe006b339bce8144da Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Grafana XSS via the OpenTSDB datasource

Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource...

GHSA-22C6-3H88-26M3 Ignite Realtime Openfire allows Cross-site Scripting

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp serverURL parameter. This issue was fixed in version 4.4.2...

Ignite Realtime Openfire allows Cross-site Scripting

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp driver parameter. This issue was fixed in version 4.4.2...

Ignite Realtime Openfire allows Cross-site Scripting

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp username parameter. This issue was fixed in version 4.4.2...

Grafana Datasource Network Restriction Bypass Vulnerability (GHSA-9rrr-6fq2-4f99)

Grafana is prone to a datasource network restriction bypass vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...

Server-side Request Forgery (SSRF)

Grafana is vulnerable to server-side request forgery. The vulnerability allows someone to bypass these security configurations if a malicious datasource running on an allowed host returns an HTTP redirect to a forbidden host. The vulnerability only impacts Grafana Enterprise when the Request...

CVE-2022-29170

Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows to configure Grafana in a way so that the instance doesn’t call or only calls specific hosts. The vulnerability present starting with version 7.4.0-beta1 and...

CVE-2022-29170 Grafana Enterprise datasource network restrictions bypass via HTTP redirects

Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows to configure Grafana in a way so that the instance doesn’t call or only calls specific hosts. The vulnerability present starting with version 7.4.0-beta1 and...