OPENSUSE-SU-2024:11694-1 grafana-7.5.12-1.1 on GA media

These are all security issues fixed in the grafana-7.5.12-1.1 package on the GA media of openSUSE Tumbleweed...

Grafana directory traversal for .cvs files

Today we are releasing Grafana 8.3.2 and 7.5.12. This patch release includes a moderate severity security fix for directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability i...

grafana: directory traversal vulnerability

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension...

SUSE-SU-2022:0310-1 Security Beta update for SUSE Manager Client Tools

This update fixes the following issues: grafana: - Update to version 7.5.12: Fix markdown path traversal 42969, bsc1193688, CVE-2021-43813 - Recreate tarballs using the makefile to update the npm and go modules required - Update to version 7.5.11: Fix Snapshot authentication bypass bsc1191454,...

OESA-2021-1470 grafana security update

Metrics dashboard and graph editor. Security Fixes: Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope,...

Vulnerabilities fixed in Grafana

Grafana Labs has fixed two vulnerabilities in Grafana. The vulnerabilities allow an authenticated malicious person to to gain access to sensitive data. This data is limited to arbitrary .md and .csv files. Obtaining unauthorized access to csv files requires it is necessary that the resource...

UBUNTU-CVE-2021-43815

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerabili...

DiskBoss Enterprise 7.5.12 - POST Remote Buffer Overflow (SEH)

DiskBoss Enterprise 7.5.12 - POST Remote Buffer Overflow SEH !/usr/bin/python Exploit Title: DiskBoss Enterprise 7.5.12 SEH + Egghunter Buffer Overflow Date: 10-01-2017 Exploit Author: Wyndell Bibera Software Link: http://www.diskboss.com/setups/diskbossentsetupv7.5.12.exe Version: 7.5.12 Tested...