Malicious code in paytm-kapacitor-simplejson-datasource (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 84649341022644835524ed653b8d6c2d04fe565ff315c3fe006b339bce8144da Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Grafana XSS via the OpenTSDB datasource

Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource...

GHSA-22C6-3H88-26M3 Ignite Realtime Openfire allows Cross-site Scripting

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp serverURL parameter. This issue was fixed in version 4.4.2...

Ignite Realtime Openfire allows Cross-site Scripting

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp driver parameter. This issue was fixed in version 4.4.2...

Ignite Realtime Openfire allows Cross-site Scripting

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp username parameter. This issue was fixed in version 4.4.2...

Grafana Datasource Network Restriction Bypass Vulnerability (GHSA-9rrr-6fq2-4f99)

Grafana is prone to a datasource network restriction bypass vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...

Server-side Request Forgery (SSRF)

Grafana is vulnerable to server-side request forgery. The vulnerability allows someone to bypass these security configurations if a malicious datasource running on an allowed host returns an HTTP redirect to a forbidden host. The vulnerability only impacts Grafana Enterprise when the Request...

CVE-2022-29170 Grafana Enterprise datasource network restrictions bypass via HTTP redirects

Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows to configure Grafana in a way so that the instance doesn’t call or only calls specific hosts. The vulnerability present starting with version 7.4.0-beta1 and...

CVE-2022-29170

Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows to configure Grafana in a way so that the instance doesn’t call or only calls specific hosts. The vulnerability present starting with version 7.4.0-beta1 and...

GHSA-PPG2-WW3W-HQ84 User confusion in IronJacamar

The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource...

User confusion in IronJacamar

The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource...

Cross site scripting

Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting XSS attack. The...

CVE-2022-21702 Cross site scripting in Grafana proxy

Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting XSS attack. The...

CVE-2022-21702 Cross site scripting in Grafana proxy

Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting XSS attack. The...

Grafana proxy XSS

Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting XSS attack. The...

Remote Code Execution (RCE)

org.apache.kylin:kylin-datasource-sdk is vulnerable to remote code execution. A remote attacker is able to inject and execute malicious code from a hacker-controlled malicious MySQL server within Kylin server processes because the library allows users to read data from other database systems usin...

UBUNTU-CVE-2021-43815

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerabili...

GHSA-R695-7VR9-JGC2 Unsafe Deserialization in jackson-databind

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource...

GHSA-H3CW-G4MQ-C5X2 Code Injection in jackson-databind

This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource aka Anteros-DBCP...

com.alibaba.otter:canal.deployer (>=1.1.7 <=1.1.8), com.alibaba.otter:canal.instance.core (>=1.1.7 <=1.1.8) +90 more potentially affected by CVE-2021-37137 via org.jboss.netty:netty (>=3.1.0.BETA1 <=3.2.10.Final)

org.jboss.netty:netty MAVEN version =3.1.0.BETA1, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.6.4 and more Source cves: CVE-2021-37137 Source advisory: OSV:GHSA-9VJP-V76F-G363...