Known Vulnerabilities for products from Opentsdb

Listed below are 7 of the newest known vulnerabilities associated with the vendor "Opentsdb".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2023-36812 json OpenTSDB is a open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to Remote Code Execution... 9.8 - CRITICAL 2023-06-30 2023-09-08
CVE-2023-25827 json Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoi... 6.1 - MEDIUM 2023-05-03 2023-05-10
CVE-2023-25826 json Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS comman... 9.8 - CRITICAL 2023-05-03 2023-09-08
CVE-2020-35476 json A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yra... 9.8 - CRITICAL 2020-12-16 2023-03-03
CVE-2018-13003 json An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'type' to the /suggest URI. 6.1 - MEDIUM 2018-06-29 2018-08-21
CVE-2018-12973 json An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'json' to the /q URI. 6.1 - MEDIUM 2018-06-29 2018-08-21
CVE-2018-12972 json An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, including o, key, style, and y... 9.8 - CRITICAL 2018-06-29 2019-10-03

Known software with vulnerabilities from Opentsdb

Type Vendor Product Version
ApplicationOpentsdbOpentsdb1.0.0