4564 matches found
Grafana Security Vulnerabilities
Grafana is an open source set of monitoring tools that provides a visual monitoring interface. The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus. A security vulnerability exists in Grafana versions 0.9.0 through 1.2.2 that stems from not properly...
abeja-sdk (>=0.2.0rc1 <=1.1.0rc1), abejacli (>=1.0.2 <=1.0.2rc1) +817 more potentially affected by CVE-2018-25091 via urllib3 (>=1.10.2 <=1.24.1)
urllib3 PYPI version =1.10.2, =0.2.0rc1, =1.0.2, =0.18.0.3, =0.5.0, =0.70.0, =0.0.1, =0.5.0, =1.1.0rc6, =0.8.0, =0.0.2, =1.1.2 and more Source cves: CVE-2018-25091 Source advisory: OSV:PYSEC-2023-207...
CVE-2023-39999
Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4...
mariadb: server crash in st_select_lex_unit::exclude_level
MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level...
Exploit for Improper Input Validation in Atlassian Confluence_Data_Center
CVE-2023-22515 Exploit Script Affected Versions 8.0.0...
CVE-2023-36549
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters...
CVE-2022-22447
IBM Disconnected Log Collector 1.0 through 1.8.2 is vulnerable to potential security misconfigurations that could disclose unintended information. IBM X-Force ID: 224648...
0lever-utils (>=0.0.2 <=0.0.7), 2keys (=0.5.1) +4801 more potentially affected by CVE-2023-43804 via urllib3 (>=1.10.2 <=1.26.16)
urllib3 PYPI version =1.10.2, =0.0.2, =0.0.2, =0.1.0, =0.1.0, =0.2.0rc1, =1.0.2, =0.3.4, =0.4.6, =0.1.0, =0.5.6, =0.5.6.dev1 - acapy-patched-old =0.5.6 and more Source cves: CVE-2023-43804 Source advisory: OSV:GHSA-V845-JXX5-VC9F...
aaronblaser-sdk (>=1.0.0 <=1.0.1), actoolkit (>=2.6.4 <=2.6.10) +272 more potentially affected by CVE-2023-43804 via urllib3 (>=2.0.0 <=2.0.5)
urllib3 PYPI version =2.0.0, =1.0.0, =2.6.4, =0.0.1, =0.1.1, =0.5.0, =0.1.23, =0.4.3, =0.4.1, =0.0.12, =0.0.14 and more Source cves: CVE-2023-43804 Source advisory: OSV:GHSA-V845-JXX5-VC9F...
UBUNTU-CVE-2023-3979
An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that upstream members to collaborate with you on your branch get permission to write to the...
GitLab Security Breach
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (continuous integration and continuous delivery), and other features. A security vulnerability exists in GitLab that stems from a deleted project...
matrix-synapse-testutils (>=1.65.0.0 <=1.92.2.0) potentially affected by CVE-2023-42453 via matrix-synapse (>=1.65.0 <=1.92.2)
matrix-synapse PYPI version =1.65.0, =1.65.0.0, =1.92.2.0 Source cves: CVE-2023-42453 Source advisory: OSV:PYSEC-2023-180...
Synapse Security Breach
Synapse is an application for open federated instant messaging and VoIP. A security vulnerability exists in Synapse that stems from the temporary storage of plaintext passwords during password changes. Affected products and versions: Synapse versions prior to 1.66.0 through 1.93.0...
WordPress Plugin Welcart e-Commerce SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
CVE-2023-38718
IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. IBM X-Force ID: 261606...
GraphQL.js Resource Management Error Vulnerability
GraphQL.js is a GraphQL reference implementation for JavaScript from the GraphQL open source project. A security vulnerability exists in GraphQL.js versions 16.3.0 through 16.8.1, which stems from insufficient checking in the OverlappingFieldsCanBeMergedRule.ts file when parsing a large query, making it...
PT-2023-27415 · Ibm · Ibm Storage Protect
Name of the Vulnerable Software and Affected Versions: IBM Storage Protect versions 8.1.0.0 through 8.1.19.0 Description: The issue allows a privileged user to obtain sensitive information from the administrative command line client. Recommendations: For versions 8.1.0.0 through 8.1.19.0, conside...
CVE-2022-28357
NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account...
Nats-Server Path Traversal Vulnerability
Nats-Server is a high-performance server for Nats.io, cloud and edge native messaging systems. A path traversal vulnerability exists in Nats-Server versions 2.2.0 through 2.7.4, which stems from an unintended path from an administrative account to an administrative operation...
at.molindo:git-commit-id-plugin (=2.1.10-alpha-1), at.nonblocking:nonsnapshot-maven-plugin (=3.0.1) +4141 more potentially affected by CVE-2023-4759 via org.eclipse.jgit:org.eclipse.jgit (>=1.2.0.201112221803-r <=5.13.2.202306221912-r)
org.eclipse.jgit:org.eclipse.jgit MAVEN version =1.2.0.201112221803-r, =2.0.0, =2.0.4, =0.1.1, =0.1.1, =2.0.0, =0.0.1, =0.2.8, =1.5.6 - br.com.sabium.gradle-bump:br.com.sabium.gradle-bump.gradle.plugin =1.0.1 and more Source cves: CVE-2023-4759 Source advisory: OSV:GHSA-3P86-9955-H393...