21 matches found

VulnCheck KEV
added 2026/05/01 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2021-27358

The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration is set...

CVSS: 7.5 · AI score: 7.2 · EPSS: 0.92396
In wild · Exploits: 0 · References: 17

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2017-6586

Malware in sbrugna...

CVSS: 6.5 · AI score: 6 · EPSS: 0.00328
Exploits: 0 · References: 4

CNNVD
added 2025/06/03 12:0 a.m. · 2 views

Parallels Desktop Security Vulnerability

Parallels Desktop is a suite of virtual machine software for the macOS platform from US-based Parallels, Inc. A security vulnerability exists in Parallels Desktop for Mac version 20.1.1, which stems from a hard-linking issue in the Snapshot feature that could lead to elevated privileges...

CVSS: 7.8 · AI score: 6.4 · EPSS: 0.00216
Exploits: 1 · References: 2

CNNVD
added 2025/06/03 12:0 a.m. · 1 views

Parallels Desktop Security Vulnerability

Parallels Desktop is a suite of virtual machine software for the macOS platform from US-based Parallels, Inc. A security vulnerability exists in Parallels Desktop for Mac version 20.1.1, which stems from a symbolic linking issue in the Snapshot feature that could lead to elevated privileges...

CVSS: 7.8 · AI score: 6.4 · EPSS: 0.00183
Exploits: 1 · References: 2

Positive Technologies
added 2024/04/09 12:0 a.m. · 4 views

PT-2024-15087 · WordPress · Wp Reset – Most Advanced Wordpress Reset Tool

Name of the Vulnerable Software and Affected Versions: The WP Reset – Most Advanced WordPress Reset Tool plugin for WordPress versions up to, and including, 2.0. Description: The issue allows unauthenticated attackers to extract sensitive data, including site backups, by brute-forcing snapshot...

CVSS: 5.9 · AI score: 9.6 · EPSS: 0.00477
Exploits: 0 · References: 7

OSV
added 2024/03/06 11:0 a.m. · 28 views

BIT-GRAFANA-2021-27358

The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration is set...

CVSS: 7.5 · AI score: 7.2 · EPSS: 0.92396
Exploits: 0 · References: 5

SUSE CVE
added 2023/02/15 3:44 a.m. · 2 views

SUSE CVE-2021-27358

The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration is set...

CVSS: 7.5 · AI score: 7.8 · EPSS: 0.92396
Exploits: 0 · References: 11

Tenable Nessus
added 2021/11/13 12:0 a.m. · 243 views

CentOS 8 : grafana (CESA-2021:4226)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:4226 advisory.
- grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call (CVE-2021-27358)
- golang: crypto/elliptic:...

CVSS: 7.5 · AI score: 7.1 · EPSS: 0.92396
Exploits: 3 · References: 6

Rockylinux
added 2021/11/09 8:46 a.m. · 35 views

grafana security, bug fix, and enhancement update

An update is available for grafana. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Grafana is an open source, feature rich metrics dashboard and graph editor fo...

CVSS: 7.5 · AI score: 7.3 · EPSS: 0.92396
Exploits: 3

RedhatCVE
added 2021/03/19 7:0 p.m. · 45 views

CVE-2021-27358

A flaw was found in Grafana. The snapshot feature allows unauthenticated remote attackers to trigger a denial of service (DoS) via a remote API call if anonymous access is enabled. The highest threat from this vulnerability is to system availability...

CVSS: 7.5 · AI score: 5.7 · EPSS: 0.92396
Exploits: 0 · References: 4

NVD
added 2021/03/18 8:15 p.m. · 24 views

CVE-2021-27358

The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration is set...

CVSS: 7.5 · EPSS: 0.92396
Exploits: 0 · References: 4

Prion
added 2021/03/18 8:15 p.m. · 24 views

Design/Logic Flaw

The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration is set...

CVSS: 5 · AI score: 7.4 · EPSS: 0.92396
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2021/03/18 8:15 p.m. · 2 views

UBUNTU-CVE-2021-27358

The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration is set...

CVSS: 7.5 · AI score: 7.2 · EPSS: 0.92396
Exploits: 0 · References: 4

Positive Technologies
added 2021/02/17 12:0 a.m. · 5 views

PT-2021-17412 · Grafana +6 · Grafana +6

Name of the Vulnerable Software and Affected Versions: Grafana versions 6.7.3 through 7.4.1. Description: The snapshot feature in Grafana can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration is set. This issue is related...

CVSS: 10 · AI score: 7.4 · EPSS: 0.94438
Exploits: 65 · References: 187

CNVD
added 2019/07/05 12:0 a.m. · 1 views

D-Link DCS-1130 Command Injection Vulnerability (CNVD-2019-21464)

The D-Link DCS-1130 is a network camera from Taiwan, China-based AUO D-Link. A command injection vulnerability exists in the Snapshot feature of the D-Link DCS-1130. The vulnerability arises from a network system or product not properly filtering specific elements of externally input data during...

CVSS: 9.3 · AI score: 7.8 · EPSS: 0.10416
Exploits: 1 · References: 1

Prion
added 2018/07/27 3:29 p.m. · 19 views

Cross site scripting

A flaw was found in CloudForms before 5.9.0.22 in the self-service UI snapshot feature where the name field is not properly sanitized for HTML and JavaScript input. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms. Please note that CS...

CVSS: 3.5 · AI score: 5.2 · EPSS: 0.00328
Exploits: 0 · References: 3 · Affected Software: 1

CVE
added 2018/07/27 3:0 p.m. · 83 views

CVE-2017-15125

CloudForms is affected by CVE-2017-15125 due to a stored XSS flaw in the self-service UI snapshot feature where the name field is not properly sanitized for HTML/JavaScript input. An attacker could exploit this to execute a stored XSS attack against an application administrator; CSP mitigates the...

CVSS: 6.5 · AI score: 5.2 · EPSS: 0.00328
Exploits: 0 · References: 3 · Affected Software: 1

RedHat Linux
added 2016/01/11 10:17 a.m. · 2 views

openstack-nova: Unprivileged API user can access host data using instance snapshot

A flaw was discovered in the OpenStack Compute nova snapshot feature when using the libvirt driver. A compute user could overwrite an attached instance disk with a malicious header specifying a backing file, and then request a snapshot, causing a file from the compute host to be leaked. This flaw...

CVSS: 3.5 · AI score: 5.7 · EPSS: 0.00172
Exploits: 0 · References: 4

RedHat Linux
added 2016/01/11 10:17 a.m. · 27 views

Important: Red Hat Security Advisory: openstack-nova security update

Updated openstack-nova packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0, 6.0, and 7.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System...

CVSS: 3.5 · AI score: 6 · EPSS: 0.00172
Exploits: 0 · References: 2

Elastic
added 2015/06/09 9:40 p.m. · 4 views

Elasticsearch Engineered Attack Vulnerability CVE-2015-4165

Summary: Elasticsearch versions 1.0.0 - 1.5.2 are vulnerable to an engineered attack on other applications on the system. The snapshot API may be used indirectly to place snapshot metadata files into locations that are writeable by the user running the Elasticsearch process. It is possible to...

CVSS: 7.5 · AI score: 7.2 · EPSS: 0.01709
Exploits: 1