Lucene search
+L

15 matches found

OSV
OSV
added 2026/06/25 6:26 p.m.3 views

GO-2026-5095 Grafana public dashboards disclose all direct mode datasources in github.com/grafana/grafana

Grafana public dashboards disclose all direct mode datasources in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

7.5CVSS5.8AI score0.00298EPSS
Exploits0References3
OSV
OSV
added 2026/05/19 12:0 a.m.16 views

ALSA-2026:19134 Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: Grafana: Information disclosure of data-source passwords via public dashboards CVE-2026-27877 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of...

7.5CVSS7.3AI score0.00621EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/02/23 11:43 a.m.5 views

grafana/grafana/pkg/services/dashboards: Grafana Dashboard Permissions Scope Bypass Enables Cross‑Dashboard Privilege Escalation

An authorization error has been discovered in Grafana dashboards. The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions: action. As a result, a user who has permission management rights on one dashboard can read and modify permissions ...

8.1CVSS5.8AI score0.00647EPSS
Exploits1References5
AlmaLinux
AlmaLinux
added 2026/02/18 12:0 a.m.10 views

Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 grafana/grafana/pkg/services/dashboards: Grafana...

10CVSS5.6AI score0.01945EPSS
Exploits5References12
RedhatCVE
RedhatCVE
added 2026/01/16 2:23 p.m.7 views

CVE-2026-0713

A security vulnerability in the /apis/dashboard.grafana.app/ endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions v0alpha1, v1alpha1, v2alpha1. Impact: - Viewers can view all dashboards/folders regardless of permissions -...

8.3CVSS6.7AI score0.00037EPSS
Exploits0References1
CVE
CVE
added 2026/01/15 1:10 p.m.18 views

CVE-2026-0713

The Red Hat/CIRCL/EUVD/PTSecurity entries confirm a security issue in Grafana’s API at /apis/dashboard.grafana.app/* affecting all API versions (v0alpha1, v1alpha1, v2alpha1). Root cause: authenticated users can bypass dashboard and folder permissions, allowing Viewer role to access all dashboard...

6.3AI score0.00037EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-20693

Malware in sbrugna...

6.1CVSS6.3AI score0.00793EPSS
Exploits0References3
OSV
OSV
added 2025/06/02 10:15 a.m.17 views

UBUNTU-CVE-2025-3260

A security vulnerability in the /apis/dashboard.grafana.app/ endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions v0alpha1, v1alpha1, v2alpha1. Impact: - Viewers can view all dashboards/folders regardless of permissions -...

8.3CVSS5.8AI score0.00501EPSS
Exploits0References2
Virtuozzo
Virtuozzo
added 2024/11/18 12:0 a.m.28 views

Virtuozzo Hybrid Infrastructure 6.3 Hotfix 1 (6.3.0-177)

This update provides stability and performance improvements. Vulnerability id: VSTOR-91833 A performance improvement. Vulnerability id: VSTOR-94382 Increased the number of Grafana dashboards that can be added to the Dashboard Directory. Vulnerability id: VSTOR-94508 In the admin panel, LUNs are n...

7AI score
Exploits0
Virtuozzo
Virtuozzo
added 2024/04/11 12:0 a.m.27 views

Virtuozzo Hybrid Infrastructure 6.1 Hotfix 1 (6.1.0-247)

In this release, Virtuozzo Hybrid Infrastructure enables selective updates of specific Kubernetes node groups, as well as provides stability and performance improvements. Vulnerability id: VSTOR-83526 Cannot filter backup plans by using the "Disabled" status. Vulnerability id: VSTOR-83662 Added...

7.3AI score
Exploits0
OSV
OSV
added 2022/12/14 2:21 a.m.42 views

GO-2022-1148 Resource exhaustion in github.com/libp2p/go-libp2p

go-libp2p is vulnerable to targeted resource exhaustion attacks. These attacks target libp2p's connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory ultimately leading to the process getting killed by the host's operating system. While a...

7.5CVSS7.3AI score0.00969EPSS
Exploits0References2
OSV
OSV
added 2021/06/21 5:32 p.m.6 views

SUSE-SU-2021:2114-1 Security update for SUSE Manager Server 4.0

This update fixes the following issues: cobbler: - Make 'fenceipmitool' a wrapper for 'fenceipmilan' using always lanplus bsc1184361 - Remove unused template for fenceipmitool. - Prevent some race conditions when writing tftpboot files and the destination directory is not existing bsc1186124 - Fi...

7.8CVSS6.8AI score0.03808EPSS
Exploits1References22
OSV
OSV
added 2020/11/06 3:55 p.m.5 views

SUSE-SU-2020:3235-1 Security update for SUSE Manager Server 4.1

This update fixes the following issues: bind-formula: - Temporarily disable dnssec-validation as hotfix for bsc1177790 grafana-formula: - Use variable for product name - Add HA/SAP dashboards - Add support for system groups in Client Systems dashboard image-sync-formula: - Do not use .gz suffix f...

9.8CVSS7.5AI score0.99585EPSS
Exploits5References31
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.37 views

SUSE SLED15 / SLES15 Security Update : ceph (SUSE-SU-2019:2049-1)

This update for ceph fixes the following issues : Security issues fixed : CVE-2019-3821: civetweb: fix file descriptor leak bsc1125080 CVE-2018-16889: rgw: sanitize customer encryption keys from log output in v4 auth bsc1121567 Non-security issues fixed: install grafana dashboards world readable...

7.5CVSS6.6AI score0.02946EPSS
Exploits1References19
OSV
OSV
added 2019/08/05 3:56 p.m.13 views

SUSE-SU-2019:2049-1 Security update for ceph

This update for ceph fixes the following issues: Security issues fixed: - CVE-2019-3821: civetweb: fix file descriptor leak bsc1125080 - CVE-2018-16889: rgw: sanitize customer encryption keys from log output in v4 auth bsc1121567 Non-security issues fixed: - install grafana dashboards world...

7.5CVSS6.6AI score0.02946EPSS
Exploits1References17
Rows per page
Query Builder