Lucene search
K

172 matches found

CVE
CVE
added 2020/05/24 5:24 p.m.245 views

CVE-2020-13430

CVE-2020-13430 affects Grafana before 7.0.0, enabling cross-site scripting via the OpenTSDB datasource tag value. The vulnerability is tied to the Grafana OpenTSDB data source handling and is mitigated by upgrading Grafana to version 7.0.0 or newer (as noted in the Grafana 7.0.0 release). Other N...

6.1CVSS6AI score0.0182EPSS
Exploits0References3Affected Software1
Fedora
Fedora
added 2020/05/14 2:36 a.m.34 views

[SECURITY] Fedora 32 Update: grafana-6.7.3-1.fc32

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB...

5.5CVSS1.4AI score0.00465EPSS
Exploits1
Fedora
Fedora
added 2020/05/14 2:29 a.m.42 views

[SECURITY] Fedora 31 Update: grafana-6.7.3-1.fc31

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB...

5.5CVSS1.4AI score0.00465EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2020/04/28 4:11 p.m.40 views

Moderate: Red Hat Security Advisory: grafana security, bug fix, and enhancement update

An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.5CVSS6.5AI score0.63388EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2019/09/09 12:0 a.m.32 views

Fedora Update for grafana FEDORA-2019-77d612eab4

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS7.7AI score0.63388EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2019/09/09 12:0 a.m.36 views

Fedora Update for grafana FEDORA-2019-0bb6b876da

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS7.7AI score0.63388EPSS
Exploits1References2
Fedora
Fedora
added 2019/09/08 3:9 a.m.40 views

[SECURITY] Fedora 29 Update: grafana-6.3.4-1.fc29

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB...

7.5CVSS1.4AI score0.63388EPSS
Exploits1
Fedora
Fedora
added 2019/09/08 2:59 a.m.39 views

[SECURITY] Fedora 30 Update: grafana-6.3.4-1.fc30

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB...

7.5CVSS1.4AI score0.63388EPSS
Exploits1
Veracode
Veracode
added 2018/07/02 4:4 a.m.14 views

Cross-Site Scripting (XSS)

opentsdb is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary Javascript through the type parameter with the /suggest URI...

6.1CVSS6AI score0.00672EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2018/07/02 3:57 a.m.15 views

Cross-site Scripting (XSS)

opentsdb is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary Javascript through the json parameter with the /q URL...

6.1CVSS6AI score0.0084EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2018/07/02 3:43 a.m.16 views

Remote Code Execution (RCE)

opentsdb is vulnerable to remote code execution RCE attacks. A malicious user can inject and execute arbitrary commands through a q request using the o, key, style, yrange , y2range parameters and the JSON input...

9.8CVSS9.9AI score0.02227EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2018/07/02 12:0 a.m.5 views

OpenTSDB cross-site scripting vulnerability (CNVD-2018-13554)

OpenTSDB is a set of open source, scalable distributed time series database. A cross-site scripting vulnerability exists in OpenTSDB version 2.3.0. A remote attacker can exploit this vulnerability by sending the 'type' parameter to the /suggest URI to inject arbitrary Web script or HTML...

6.1CVSS5.9AI score0.00672EPSS
Exploits0References1
Prion
Prion
added 2018/06/29 2:29 p.m.17 views

Design/Logic Flaw

An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'type' to the /suggest URI...

4.3CVSS5.8AI score0.00672EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/06/29 2:29 p.m.20 views

CVE-2018-13003

An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'type' to the /suggest URI...

6.1CVSS6.7AI score0.00672EPSS
Exploits0References1
OSV
OSV
added 2018/06/29 2:29 p.m.15 views

CVE-2018-13003

An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'type' to the /suggest URI...

6.1CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 2018/06/29 2:0 p.m.25 views

CVE-2018-13003

An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'type' to the /suggest URI...

6.7AI score0.00672EPSS
Exploits0References1
CVE
CVE
added 2018/06/29 2:0 p.m.79 views

CVE-2018-13003

OpenTSDB 2.3.0 contains a reflected XSS in the /suggest endpoint where the parameter type is not properly sanitized, enabling injection of arbitrary JavaScript into the browser of a targeted user. The issue’s root cause is related to insufficient input validation of parameters reflected in respon...

6.1CVSS5.7AI score0.00672EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2018/06/29 5:29 a.m.16 views

Input validation

An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, including o, key, style, and yrange and y2range and their JSON input...

7.5CVSS9.4AI score0.02227EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/06/29 5:29 a.m.10 views

CVE-2018-12972

An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, including o, key, style, and yrange and y2range and their JSON input...

9.8CVSS7.3AI score
Exploits0References1
OSV
OSV
added 2018/06/29 5:29 a.m.20 views

CVE-2018-12973

An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'json' to the /q URI...

6.1CVSS6.1AI score
Exploits0References1
Rows per page
Query Builder