CVE-2020-13379 vulnerabilities and exploits
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information...
Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read....
pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file....
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource....
Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip....
Grafana version < 6.7.3 is vulnerable to annotation popup XSS....
websocket-extensions npm module prior to 1.0.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash...
Kubernetes Kubectl/API Server YAML parsing vulnerable to Billion Laughs Attack. CVE-2019-11253 is a YAML parsing vulnerability in the kube-apiserver, allowing users sending malicious YAML payloads to cause kube-apiserver to consume excessive amounts of CPU and memory,...