36 matches found
MiracleLinux 8 : grafana-7.5.11-2.el8 (AXSA:2022-3494:02)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2022-3494:02 advisory. - grafana: directory traversal vulnerability (CVE-2021-43813). Tenable has extracted the preceding description block directly from the MiracleLinux security...
CVE-2025-43813

creationtimestamp | type | source
---|---|---
2025-09-29 23:00:56+00:00 | seen | Telegram/oJ1d5fSurtpk-sPFWNOnp9H-QhJ2sTDsFLOrgd7Rpme0xYA...

CVE-2025-43813
Possible path traversal vulnerability and denial-of-service in the ComboServlet in Liferay Portal 7.4.0 through 7.4.3.107, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 35, and older...
Mattermost Server 9.5.x < 9.5.8 / 9.10.x < 9.10.1 (MMSA-2024-00364)
The version of Mattermost Server installed on the remote host is prior to 9.5.8 or 9.10.1. It is, therefore, affected by a vulnerability as referenced in the MMSA-2024-00364 advisory. - Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to enforce proper access controls which allows any...
CVE-2024-43813

creationtimestamp | type | source
---|---|---
2024-08-22 10:10:50+00:00 | seen | https://t.me/cvedetector/3898...

CVE-2024-43813 IDOR when marking read a user's channel
Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to enforce proper access controls which allows any authenticated user, including guests, to mark any channel inside any team as read for any user...
Grafana directory traversal for .csv files
Today we are releasing Grafana 8.3.2 and 7.5.12. This patch release includes a moderate severity security fix for directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability i...
GHSA-7533-C8QV-JM9M Grafana directory traversal for .csv files
Today we are releasing Grafana 8.3.2 and 7.5.12. This patch release includes a moderate severity security fix for directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability i...
FreeBSD : GLPI -- multiple vulnerabilities (ed688880-00c4-11ef-92b7-589cfc023192)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ed688880-00c4-11ef-92b7-589cfc023192 advisory. - GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prio...
CVE-2023-43813

creationtimestamp | type | source
---|---|---
2024-01-10 12:11:10+00:00 | seen | https://t.me/ctinow/165727
2024-03-25 18:27:05+00:00 | published-proof-of-concept | https://t.me/truesecator/5564...

CVE-2023-43813
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, the saved search feature can be used to perform a SQL injection. Version 10.0.11 contains a patch for the issue...
CVE-2023-43813
CVE-2023-43813 affects GLPI, with a SQL injection in the saved search / search functionality. Technical details across connected sources show: before version 10.0.11 (per initial entry) and up to 10.0.11, the saved/search mechanism allows SQL injection; several notes indicate a patch exists in 10...
CVE-2023-43813 glpi Authenticated SQL Injection
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, the saved search feature can be used to perform a SQL injection. Version 10.0.11 contains a patch for the issue...
Rocky Linux 8 : grafana (RLSA-2022:1781)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1781 advisory. - Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability fo...
SUSE: Security Advisory (SUSE-SU-2022:4428-1)
The remote host is missing an update for the...
Moderate: Red Hat Security Advisory: New container image for Red Hat Ceph Storage 5.2 Security update
A new container image for Red Hat Ceph Storage 5.2 is now available in the Red Hat Ecosystem Catalog. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
SUSE: Security Advisory (SUSE-SU-2022:2134-1)
The remote host is missing an update for the...
Oracle Linux 8 : grafana (ELSA-2022-1781)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-1781 advisory. - resolve CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache - resolve CVE-2021-43813 grafana: directory traversal vulnerability for...