Skip to main content

Opentsdb

7 CVEs product

Monthly

CVE-2023-36812 Maven CRITICAL POC PATCH THREAT Act Now

OpenTSDB is a open source, distributed, scalable Time Series Database (TSDB). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Opentsdb
NVD GitHub
CVSS 3.1
9.8
EPSS
16.5%
CVE-2023-25827 Maven MEDIUM PATCH This Month

Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Opentsdb
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-25826 Maven CRITICAL POC PATCH THREAT Act Now

Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Opentsdb
NVD GitHub
CVSS 3.1
9.8
EPSS
35.6%
CVE-2020-35476 Maven CRITICAL POC THREAT Emergency

A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Command Injection Opentsdb
NVD GitHub
CVSS 3.1
9.8
EPSS
85.3%
CVE-2018-13003 Maven MEDIUM This Month

An issue was discovered in OpenTSDB 2.3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Opentsdb
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-12973 Maven MEDIUM This Month

An issue was discovered in OpenTSDB 2.3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Opentsdb
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-12972 Maven CRITICAL Act Now

An issue was discovered in OpenTSDB 2.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Opentsdb
NVD GitHub
CVSS 3.0
9.8
EPSS
2.2%
EPSS 17% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

OpenTSDB is a open source, distributed, scalable Time Series Database (TSDB). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Opentsdb
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Opentsdb
NVD GitHub
EPSS 36% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Opentsdb
NVD GitHub
EPSS 85% CVSS 9.8
CRITICAL POC THREAT Emergency

A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Command Injection +1
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

An issue was discovered in OpenTSDB 2.3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Opentsdb
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

An issue was discovered in OpenTSDB 2.3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Opentsdb
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

An issue was discovered in OpenTSDB 2.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Opentsdb
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy