9 matches found
Unity Linux 20.1060e / 20.1070e Security Update: grafana (UTSA-2026-016609)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016609 advisory. Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest...
CVE-2026-31802
node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x...
CVE-2026-31802
node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x...
CVE-2026-31802
node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x...
MiracleLinux 8 : grafana-7.5.11-3.el8 (AXSA:2022-3704:04)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2022-3704:04 advisory. grafana: OAuth account takeover CVE-2022-31107 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. Note...
BIT-GRAFANA-2021-39226 Snapshot authentication bypass in grafana
Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "publicmode" configurati...
SUSE CVE-2021-39226
Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "publicmode" configurati...
Low: grafana security, bug fix, and enhancement update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. The following packages have been upgraded to a later upstream version: grafana 7.5.11. BZ1993214 Security Fixes: grafana: directory traversal vulnerability CVE-2021-43813 For more details...
CVE-2021-39226
Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "publicmode" configurati...