94 matches found
Grafana 访问控制错误漏洞
Grafana is Grafana open source set of open source monitoring tools that provide a visual monitoring interface . The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus. An access control error vulnerability exists in Grafana Plugin Image Renderer, which can be exploited b...
Grafana Image Renderer leaking files
Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser Chromium/Chrome. An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized fil...
Grafana -- Unauthorized file disclosure
Grafana Labs reports: On July 21, an internal security review identified an unauthorized file disclosure vulnerability in the Grafana Image Renderer plugin when HTTP remote rendering is used. The Chromium browser embedded in the Grafana Image Renderer allows for “printing” of unauthorized files i...
openSUSE Security Update : grafana / grafana-piechart-panel / grafana-status-panel (openSUSE-2020-892)
This update for grafana, grafana-piechart-panel, grafana-status-panel fixes the following issues : grafana was updated to version 7.0.3 : - Features / Enhancements - Stats: include all fields. 24829, @ryantxu - Variables: change VariableEditorList row action Icon to IconButton. 25217, @hshoff - B...
PlayStation: SSRF on image renderer
Summary: image.api.np.km.playstation.net allows image urls to be passed via the image parameter It is possible to use this endpoint to send Gopher requests that result in SMTP messages being sent Steps To Reproduce: 1. Create a Gopher redirect PHP file to save to your server ', 'RCPT TO: ', 'DATA...
CVE-2017-7786
A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...
CVE-2017-7786
A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...
DEBIAN-CVE-2017-7786
A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...
CVE-2017-7786
A buffer overflow in the image renderer can be triggered when painting non-displayable SVG elements, causing a crash and, in some advisories, potential arbitrary-code execution. Affected products include Mozilla Thunderbird and Firefox/Firefox ESR prior to certain versions (Thunderbird < 52.3,...
CVE-2017-7786
A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...
ALPINE-CVE-2017-14448
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability...
UBUNTU-CVE-2018-3838
An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image t...
Mozilla: Buffer overflow while painting non-displayable SVG (MFSA 2017-19)
A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...
CVE-2017-7786
A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...