Vulnerabilities > Opentsdb

DATE CVE VULNERABILITY TITLE RISK
2023-06-30 CVE-2023-36812 Unspecified vulnerability in Opentsdb
OpenTSDB is a open source, distributed, scalable Time Series Database (TSDB).
network
low complexity
opentsdb
critical
9.8
2023-05-03 CVE-2023-25826 OS Command Injection vulnerability in Opentsdb
Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system.
network
low complexity
opentsdb CWE-78
critical
9.8
2023-05-03 CVE-2023-25827 Cross-site Scripting vulnerability in Opentsdb
Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user.
network
low complexity
opentsdb CWE-79
6.1
2020-12-16 CVE-2020-35476 OS Command Injection vulnerability in Opentsdb
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter.
network
low complexity
opentsdb CWE-78
critical
9.8
2018-06-29 CVE-2018-13003 Cross-site Scripting vulnerability in Opentsdb 2.3.0
An issue was discovered in OpenTSDB 2.3.0.
network
low complexity
opentsdb CWE-79
6.1
2018-06-29 CVE-2018-12973 Cross-site Scripting vulnerability in Opentsdb 2.3.0
An issue was discovered in OpenTSDB 2.3.0.
network
low complexity
opentsdb CWE-79
6.1
2018-06-29 CVE-2018-12972 OS Command Injection vulnerability in Opentsdb 2.3.0
An issue was discovered in OpenTSDB 2.3.0.
network
low complexity
opentsdb CWE-78
critical
9.8