CVE-2024-13050

CVE-2024-13050 affects Ashlar-Vellum Graphite. The root cause is a failure to validate the length of user-supplied data while parsing VC6 files, causing a heap-based buffer overflow that can lead to remote code execution. The vulnerability requires user interaction (the target must open a malicio...

Ashlar Vellum Graphite 安全漏洞

Ashlar Vellum Graphite is a CAD modeling software from Ashlar, Inc. A security vulnerability exists in Ashlar Vellum Graphite that stems from a failure to properly validate the length of user-supplied data before copying it to a heap-based buffer. An attacker could exploit the vulnerability to...

Ashlar Vellum Graphite 安全漏洞

Ashlar Vellum Graphite is a CAD modeling software from Ashlar, Inc. A security vulnerability exists in Ashlar Vellum Graphite that stems from a failure to properly validate the length of user-supplied data before copying it to a heap-based buffer. An attacker could exploit the vulnerability to...

(0Day) Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...

(0Day) Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...

PT-2024-17907 · Ashlar Vellum · Ashlar-Vellum Graphite

Name of the Vulnerable Software and Affected Versions: Ashlar-Vellum Graphite affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this issue, where th...

Moderate: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang: net: malformed DNS message can cause infinite loop CVE-2024-24788 golang: archive/zip: Incorrect handling of certain ZIP files CVE-2024-24789 golang: net/netip:...

ALSA-2024:9115 Moderate: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang: net: malformed DNS message can cause infinite loop CVE-2024-24788 golang: archive/zip: Incorrect handling of certain ZIP files CVE-2024-24789 golang: net/netip:...

Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156 dompurify:...

ALSA-2024:8678 Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang-fips: Golang FIPS zeroed buffer CVE-2024-9355 dompurify: nesting-based mutation XSS vulnerability CVE-2024-47875 For more details about the security issues, includi...

RHEL 8 : grafana (RHSA-2024:8327)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8327 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang-fips:...

Moderate: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: net/http: Denial of service due to improper 100-continue handling in net/http CVE-2024-24791 For more details about the security issues, including the impact, a CVSS score...

RHEL 9 : grafana (RHSA-2024:7202)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:7202 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: encoding/gob: golang:...

Important: Red Hat Security Advisory: grafana security update

An update for grafana is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

PT-2024-17908 · Ashlar Vellum · Ashlar-Vellum Graphite

Name of the Vulnerable Software and Affected Versions: Ashlar-Vellum Graphite affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this issue, where th...

Grafana 安全漏洞

Grafana is a set of open source monitoring tools from Grafana open source that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. A security vulnerability exists in Grafana that stems from the fact that if a...

Moderate: Red Hat Security Advisory: grafana security update

An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

ALSA-2024:5291 Moderate: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang: net: malformed DNS message can cause infinite loop CVE-2024-24788 golang: archive/zip: Incorrect handling of certain ZIP files CVE-2024-24789 golang: net/netip:...

New Go-based Backdoor GoGra Targets South Asian Media Organization

An unnamed media organization in South Asia was targeted in November 20233 using a previously undocumented Go-based backdoor called GoGra. "GoGra is written in Go and uses the Microsoft Graph API to interact with a command-and-control C&C server hosted on Microsoft mail services," Symantec, part ...

ALSA-2024:3265 Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 grafana: vulnerable to authorization bypass CVE-2024-1313 For more details...