Huawei EulerOS: Security Advisory for libvirt (EulerOS-SA-2024-2615)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.10.1 : libvirt (EulerOS-SA-2024-2153)

According to the versions of the libvirt package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoo...

EulerOS Virtualization 2.10.0 : libvirt (EulerOS-SA-2024-2133)

According to the versions of the libvirt package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoo...

Grafana Fine-grained access control vulnerability

Impact On Nov. 2, during an internal security audit, we discovered that when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance, Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, ad...

Use After Free

libvirt is vulnerable to Use After Free. The vulnerability is due to a race condition in the virNetClientIOEventLoop method, where the data pointer to a stack-allocated structure is used after the stack frame is freed. If libvirt is configured with fine-grained access control, an attacker could...

CVE-2024-4418

A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop method, the data pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's...

CVE-2024-4418

A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop method, the data pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's...

CVE-2024-4418 Libvirt: stack use-after-free in virnetclientioeventloop()

A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop method, the data pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's...

BIT-GRAFANA-2021-41244 Cross organization admin control in Grafana

Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a...

OpenSearch issue with fine-grained access control during extremely rare race conditions

Impact There is an issue with the implementation of fine-grained access control rules document-level security, field-level security and field masking where they are not correctly applied to the queries during extremely rare race conditions potentially leading to incorrect access authorization. Fo...

GHSA-G8XC-6MF7-H28H OpenSearch issue with fine-grained access control during extremely rare race conditions

Impact There is an issue with the implementation of fine-grained access control rules document-level security, field-level security and field masking where they are not correctly applied to the queries during extremely rare race conditions potentially leading to incorrect access authorization. Fo...

GHSA-WMX7-X4JP-9JGG OpenSearch has issue with fine-grained access control of indices backing data streams

Impact There is an issue with the implementation of fine-grained access control rules document-level security, field-level security and field masking where they are not correctly applied to the indices that back data streams potentially leading to incorrect access authorization. This issue can on...

Authorization

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules document-level security, field-level security and field masking where they are not correctly applied to the indices that back data streams...

CVE-2022-24812 FGAC API Key privilege escalation in Grafana

Grafana is an open-source platform for monitoring and observability. When fine-grained access control is enabled and a client uses Grafana API Key to make requests, the permissions for that API Key are cached for 30 seconds for the given organization. Because of the way the cache ID is constructe...

CVE-2022-24812 FGAC API Key privilege escalation in Grafana

Grafana is an open-source platform for monitoring and observability. When fine-grained access control is enabled and a client uses Grafana API Key to make requests, the permissions for that API Key are cached for 30 seconds for the given organization. Because of the way the cache ID is constructe...

Grafana has an unspecified vulnerability

Grafana is an open source monitoring tool from Grafana Labs that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, Prometheus, etc. A security vulnerability exists in Grafana that stems from the fact that in the affected version, when th...

CVE-2021-41244

Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a...

CVE-2021-41244

Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a...

Design/Logic Flaw

Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a...

CVE-2021-41244

Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a...