Lucene search
K

611 matches found

OSV
OSV
added 2022/02/08 7:40 p.m.25 views

CVE-2022-21702 Cross site scripting in Grafana proxy

Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting XSS attack. The...

6.5CVSS7AI score0.02359EPSS
Exploits1References9
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/25 1:12 p.m.112 views

Security Bulletin: IBM Observability by Instana and IBM Observability with Instana - Server and Agents are vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Summary Vulnerabilities detected in Apache Log4j affects IBM Observability by Instana and IBM Observability with Instana. The CVE numbers are: CVE-2021-45105 and CVE-2021-45046. These vulnerabilities have been addressed in both the Server and Agent components. The fix includes Apache Log4j v2.17...

10CVSS1.3AI score0.99999EPSS
Exploits355Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/01/21 12:0 a.m.39 views

openSUSE 15 Security Update : grafana (openSUSE-SU-2022:0140-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0140-1 advisory. - Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the...

9.8CVSS7.3AI score0.99888EPSS
Exploits1References7
CVE
CVE
added 2022/01/18 9:35 p.m.232 views

CVE-2022-21673

Grafana Forward OAuth Identity vulnerability (CVE-2022-21673) affects Grafana data sources with Forward OAuth Identity enabled, allowing API token holders to access data tied to the most recently logged-in user. Root cause: data sources with the Forward OAuth Identity feature enabled, OAuth enabl...

4.3CVSS6.2AI score0.02013EPSS
Exploits0References7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/11 8:10 p.m.31 views

Security Bulletin: Vulnerability affects IBM Observability with Instana

Summary Vulnerability detected in Elasticsearch before version 7.10.2 affects IBM Observability with Instana Vulnerability Details CVEID: CVE-2021-22132 DESCRIPTION: Elastic Elasticsearch could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the async...

4.8CVSS5.2AI score0.01241EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/11 8:10 p.m.35 views

Security Bulletin: Multiple vulnerabilities affect IBM Observability with Instana

Summary Vulnerabilities detected in Elasticsearch versions before 7.2.1 and 6.8.2 affects IBM Observability with Instana Vulnerability Details CVEID: CVE-2019-7614 DESCRIPTION: Elastic Elasticsearch could allow a remote authenticated attacker to obtain sensitive information, caused by a race...

5.9CVSS5.3AI score0.01008EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/11 8:10 p.m.39 views

Security Bulletin: Multiple vulnerabilities affect IBM Observability with Instana

Summary Vulnerabilities detected in Node.js versions before v14.16.2 affects IBM Observability with Instana Vulnerability Details CVEID: CVE-2021-22921 DESCRIPTION: Node.js could allow a local attacker to gain elevated privileges on the system, caused by improper configuration of permissions in t...

7.8CVSS6.9AI score0.23132EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/11 8:10 p.m.24 views

Security Bulletin: Multiple vulnerabilities affect IBM Observability with Instana

Summary Vulnerabilities detected in Elasticsearch before versions 7.9.0 and 6.8.12 affects IBM Observability with Instana Vulnerability Details CVEID: CVE-2020-7019 DESCRIPTION: Elasticsearch could allow a remote authenticated attacker to obtain sensitive information, caused by a field disclosure...

6.5CVSS6.1AI score0.01204EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/11 8:10 p.m.26 views

Security Bulletin: Vulnerabilitiy affects IBM Observability with Instana

Summary Vulnerabilities detected in Elasticsearch versions before 7.9.2 and 6.8.13 affects IBM Observability with Instana Vulnerability Details CVEID: CVE-2020-7020 DESCRIPTION: Elastic Enterprise Search could allow a remote authenticated attacker to obtain sensitive information, caused by not...

3.5CVSS4.4AI score0.00999EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/11 8:10 p.m.32 views

Security Bulletin: Multiple vulnerabilities affect IBM Observability with Instana

Summary Vulnerabilities detected in Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.2 affects IBM Observability with Instana Vulnerability Details CVEID: CVE-2019-7619 DESCRIPTION: Elastic Elasticsearch could allow a remote attacker to obtain sensitive information, caused by a flaw in...

8.8CVSS7AI score0.02429EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/11 8:10 p.m.39 views

Security Bulletin: Vulnerability affects IBM Observability with Instana

Summary Vulnerability detected in Elasticsearch versions before 7.10.0 and 6.8.14 affects IBM Observability with Instana Vulnerability Details CVEID: CVE-2020-7021 DESCRIPTION: Elasticsearch could allow a local authenticated attacker to obtain sensitive information, caused by an error when audit...

4.9CVSS5.3AI score0.01313EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/11 8:10 p.m.60 views

Security Bulletin: Vulnerabilitiy in Apache Log4jaffects IBM Observability with Instana - Server and Agents (CVE-2021-44228)

Summary Vulnerabilities detected in Apache Log4j versions before v2.16.0 affects IBM Observability with Instana. These have been addressed in both the Server and Agent components. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute...

10CVSS1.6AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/11 8:10 p.m.34 views

Security Bulletin: Vulnerability affects IBM Observability with Instana

Summary Vulnerabilities detected in Node.js versions before v14.17.4 affects IBM Observability with Instana Vulnerability Details CVEID: CVE-2021-22930 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by a use-after-free on close http2 on stream canceling...

9.8CVSS8.9AI score0.37286EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/11 8:10 p.m.117 views

Security Bulletin: Vulnerabilitiy affects IBM Observability with Instana

Summary Vulnerabilities detected in Node.js versions before v14.17.5 affects IBM Observability with Instana Vulnerability Details CVEID: CVE-2021-22940 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by an incomplete fix for CVE-2021-22930 related to a...

9.8CVSS8.5AI score0.37286EPSS
Exploits0Affected Software1
CVE
CVE
added 2021/12/10 8:40 p.m.193 views

CVE-2021-43815

CVE-2021-43815 affects Grafana where an authenticated user could perform a directory traversal to read arbitrary *.csv files via the /api/ds/query path. Affected versions are Grafana 8.0.0-beta3 through 8.3.1 (and related impact notes). The issue is limited to instances with the TestData DB data ...

4.3CVSS4.8AI score0.01773EPSS
Exploits0References7Affected Software1
UbuntuCve
UbuntuCve
added 2021/12/10 6:15 p.m.41 views

CVE-2021-43813

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension...

4.3CVSS6.8AI score0.57991EPSS
Exploits0References8
CVE
CVE
added 2021/12/10 5:30 p.m.253 views

CVE-2021-43813

Grafana prior to 8.3.2 and 7.5.12 has a directory traversal vulnerability enabling access to fully lowercase or fully uppercase .md files by authenticated users. The root cause is a directory traversal flaw in the Markdown path, with affected versions 8.0.0–8.3.1 and 7.0–7.5.11 (per advisories). ...

4.3CVSS5.1AI score0.57991EPSS
Exploits0References8Affected Software1
VMware
VMware
added 2021/12/10 12:0 a.m.153 views

VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)

1. Impacted Products VMware Horizon VMware vCenter Server VMware HCX VMware NSX-T Data Center VMware Unified Access Gateway VMware WorkspaceOne Access VMware Identity Manager VMware vRealize Operations VMware vRealize Operations Cloud Cloud Proxy VMware vRealize Automation VMware vRealize...

9.3CVSS0.4AI score0.99999EPSS
Exploits357References4Affected Software55
VMware
VMware
added 2021/12/10 12:0 a.m.152 views

VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)

1. Impacted Products VMware Horizon VMware vCenter Server VMware HCX VMware NSX-T Data Center VMware Unified Access Gateway VMware WorkspaceOne Access VMware Identity Manager VMware vRealize Operations VMware vRealize Operations Cloud Cloud Proxy VMware vRealize Automation VMware vRealize...

9.3CVSS0.4AI score0.99999EPSS
Exploits357References4Affected Software54
VMware
VMware
added 2021/12/10 12:0 a.m.62 views

VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)

1. Impacted Products Under Evaluation VMware Horizon VMware vCenter Server VMware HCX VMware NSX-T Data Center VMware Unified Access Gateway VMware WorkspaceOne Access VMware Identity Manager VMware vRealize Operations VMware vRealize Operations Cloud Proxy VMware vRealize Automation VMware...

9.3CVSS0.4AI score0.99999EPSS
Exploits355References4Affected Software51
Rows per page
Query Builder