611 matches found
CVE-2022-21702 Cross site scripting in Grafana proxy
Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting XSS attack. The...
Security Bulletin: IBM Observability by Instana and IBM Observability with Instana - Server and Agents are vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)
Summary Vulnerabilities detected in Apache Log4j affects IBM Observability by Instana and IBM Observability with Instana. The CVE numbers are: CVE-2021-45105 and CVE-2021-45046. These vulnerabilities have been addressed in both the Server and Agent components. The fix includes Apache Log4j v2.17...
openSUSE 15 Security Update : grafana (openSUSE-SU-2022:0140-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0140-1 advisory. - Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the...
CVE-2022-21673
Grafana Forward OAuth Identity vulnerability (CVE-2022-21673) affects Grafana data sources with Forward OAuth Identity enabled, allowing API token holders to access data tied to the most recently logged-in user. Root cause: data sources with the Forward OAuth Identity feature enabled, OAuth enabl...
Security Bulletin: Vulnerability affects IBM Observability with Instana
Summary Vulnerability detected in Elasticsearch before version 7.10.2 affects IBM Observability with Instana Vulnerability Details CVEID: CVE-2021-22132 DESCRIPTION: Elastic Elasticsearch could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the async...
Security Bulletin: Multiple vulnerabilities affect IBM Observability with Instana
Summary Vulnerabilities detected in Elasticsearch versions before 7.2.1 and 6.8.2 affects IBM Observability with Instana Vulnerability Details CVEID: CVE-2019-7614 DESCRIPTION: Elastic Elasticsearch could allow a remote authenticated attacker to obtain sensitive information, caused by a race...
Security Bulletin: Multiple vulnerabilities affect IBM Observability with Instana
Summary Vulnerabilities detected in Node.js versions before v14.16.2 affects IBM Observability with Instana Vulnerability Details CVEID: CVE-2021-22921 DESCRIPTION: Node.js could allow a local attacker to gain elevated privileges on the system, caused by improper configuration of permissions in t...
Security Bulletin: Multiple vulnerabilities affect IBM Observability with Instana
Summary Vulnerabilities detected in Elasticsearch before versions 7.9.0 and 6.8.12 affects IBM Observability with Instana Vulnerability Details CVEID: CVE-2020-7019 DESCRIPTION: Elasticsearch could allow a remote authenticated attacker to obtain sensitive information, caused by a field disclosure...
Security Bulletin: Vulnerabilitiy affects IBM Observability with Instana
Summary Vulnerabilities detected in Elasticsearch versions before 7.9.2 and 6.8.13 affects IBM Observability with Instana Vulnerability Details CVEID: CVE-2020-7020 DESCRIPTION: Elastic Enterprise Search could allow a remote authenticated attacker to obtain sensitive information, caused by not...
Security Bulletin: Multiple vulnerabilities affect IBM Observability with Instana
Summary Vulnerabilities detected in Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.2 affects IBM Observability with Instana Vulnerability Details CVEID: CVE-2019-7619 DESCRIPTION: Elastic Elasticsearch could allow a remote attacker to obtain sensitive information, caused by a flaw in...
Security Bulletin: Vulnerability affects IBM Observability with Instana
Summary Vulnerability detected in Elasticsearch versions before 7.10.0 and 6.8.14 affects IBM Observability with Instana Vulnerability Details CVEID: CVE-2020-7021 DESCRIPTION: Elasticsearch could allow a local authenticated attacker to obtain sensitive information, caused by an error when audit...
Security Bulletin: Vulnerabilitiy in Apache Log4jaffects IBM Observability with Instana - Server and Agents (CVE-2021-44228)
Summary Vulnerabilities detected in Apache Log4j versions before v2.16.0 affects IBM Observability with Instana. These have been addressed in both the Server and Agent components. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute...
Security Bulletin: Vulnerability affects IBM Observability with Instana
Summary Vulnerabilities detected in Node.js versions before v14.17.4 affects IBM Observability with Instana Vulnerability Details CVEID: CVE-2021-22930 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by a use-after-free on close http2 on stream canceling...
Security Bulletin: Vulnerabilitiy affects IBM Observability with Instana
Summary Vulnerabilities detected in Node.js versions before v14.17.5 affects IBM Observability with Instana Vulnerability Details CVEID: CVE-2021-22940 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by an incomplete fix for CVE-2021-22930 related to a...
CVE-2021-43815
CVE-2021-43815 affects Grafana where an authenticated user could perform a directory traversal to read arbitrary *.csv files via the /api/ds/query path. Affected versions are Grafana 8.0.0-beta3 through 8.3.1 (and related impact notes). The issue is limited to instances with the TestData DB data ...
CVE-2021-43813
Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension...
CVE-2021-43813
Grafana prior to 8.3.2 and 7.5.12 has a directory traversal vulnerability enabling access to fully lowercase or fully uppercase .md files by authenticated users. The root cause is a directory traversal flaw in the Markdown path, with affected versions 8.0.0–8.3.1 and 7.0–7.5.11 (per advisories). ...
VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)
1. Impacted Products VMware Horizon VMware vCenter Server VMware HCX VMware NSX-T Data Center VMware Unified Access Gateway VMware WorkspaceOne Access VMware Identity Manager VMware vRealize Operations VMware vRealize Operations Cloud Cloud Proxy VMware vRealize Automation VMware vRealize...
VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)
1. Impacted Products VMware Horizon VMware vCenter Server VMware HCX VMware NSX-T Data Center VMware Unified Access Gateway VMware WorkspaceOne Access VMware Identity Manager VMware vRealize Operations VMware vRealize Operations Cloud Cloud Proxy VMware vRealize Automation VMware vRealize...
VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)
1. Impacted Products Under Evaluation VMware Horizon VMware vCenter Server VMware HCX VMware NSX-T Data Center VMware Unified Access Gateway VMware WorkspaceOne Access VMware Identity Manager VMware vRealize Operations VMware vRealize Operations Cloud Proxy VMware vRealize Automation VMware...