27 matches found
CVE-2026-29181 vulnerabilities
Vulnerabilities for packages: dex, src, blob-csi-fips, external-dns, net-kourier, step-issuer, crossplane-provider-aws-kinesis-fips, kubevirt-cdi-uploadserver-fips, cadvisor-fips, kuberay-operator, authentik-fips, step-ca-fips, gcp-compute-persistent-disk-csi-driver, nerdctl-fips,...
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: cilium-envoy, grafana-mimir, aactl, cluster-autoscaler, kyverno-policy-reporter-ui, envoy-gateway, amazon-cloudwatch-agent-operator, rancher-machine, seaweedfs, spegel, step-ca, falco-exporter, cert-manager-csi-driver, kubernetes-csi-node-driver-registrar, telegraf,...
CVE-2021-41090
Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack. Prior to versions 0.20.1 and 0.21.2, inline secrets defined within a metrics instance config are exposed in plaintext over two endpoints: metrics instance configs defin...
EUVD-2021-2493
Malware in sbrugna...
EUVD-2024-2829
Malicious code in bioql PyPI...
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: dex, src, mongo-tools, kind, dive, external-dns, harbor-scanner-trivy, cadvisor-fips, atlantis, helm-fips, kpt, prometheus-adapter-fips, q, step-ca-fips, go-licenses, helm, sops, git-lfs, skaffold, cert-manager-webhook-pdns, crane, harbor-registry-fips, flannel,...
GHSA-V778-237X-GJRC vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, aactl, envoy-gateway, spegel, datadog-agent, certificate-transparency, dgraph, kube-bench, newrelic-nri-statsd, crossplane, cilium-cli, mkcert, ko, kserve, amazon-cloudwatch-agent, actions-runner-controller, weaviate, dagger, gitea,...
SUSE CVE-2024-8996
Unquoted Search Path or Element vulnerability in Grafana Agent Flow mode on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Agent Flow: before 0.43.2...
GO-2024-3170 Grafana Agent (Flow mode) on Windows has Unquoted Search Path or Element vulnerability in github.com/grafana/agent
Grafana Agent Flow mode on Windows has Unquoted Search Path or Element vulnerability in github.com/grafana/agent...
The vulnerability of the Grafana Agent’s data visualization system lies in the lack of quotation marks when writing elements or search paths, allowing attackers to exploit their privileges.
The vulnerability of the Grafana Agent visualization system is related to the absence of quotation marks in the writing of elements or search paths. Exploiting this vulnerability can allow attackers to increase their privileges...
CVE-2024-8996
Unquoted Search Path or Element vulnerability in Grafana Agent Flow mode on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Agent Flow: before 0.43.2...
CVE-2024-8996
Unquoted Search Path or Element vulnerability in Grafana Agent Flow mode on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Agent Flow: before 0.43.2...
CVE-2024-8996
Grafana Agent (Flow mode) on Windows is affected by CVE-2024-8996 (Unquoted Search Path or Element), allowing Privilege Escalation from Local User to SYSTEM. Affected versions: Agent Flow prior to 0.43.2. The issue is addressed in Grafana Agent v0.43.3 (and related security release). Exploitation...
Grafana Agent flow mode unquoted service path
On a windows machine, the Grafana Agent Flow mode service prior to version 0.43.1 is vulnerable to a privilege escalation from local user to SYSTEM due to an unquoted service path. It is recommended that you remove the Grafana Agent Flow installation and do a clean install. An update will not...
Grafana Agent 安全漏洞
Grafana Agent is an OpenTry Collector distribution of Grafana open source. A security vulnerability exists in Grafana Agent versions prior to 0.43.2 that stems from an unquoted search path or element vulnerability that allows elevation of privilege...
PT-2024-6557 · Grafana +1 · Grafana Agent +1
Name of the Vulnerable Software and Affected Versions: Grafana Agent versions prior to 0.43.2 Grafana Agent versions prior to 0.43.3 Description: The issue is related to an Unquoted Search Path or Element vulnerability in Grafana Agent Flow mode on Windows, which allows Privilege Escalation from...
CVE-2024-35255 vulnerabilities
Vulnerabilities for packages: opentelemetry-collector-contrib, timestamp-authority, grafana-mimir, cluster-autoscaler, terragrunt, fulcio, zarf, wal-g, zot, rclone, kubescape, bank-vaults, restic, step-ca, flux-kustomize-controller, k8sgpt, py3-azure-identity, tempo, datadog-agent, argo-workflows...
CVE-2024-24789 vulnerabilities
Vulnerabilities for packages: dex, kubeflow-katib, sigstore-scaffolding, src, mongo-tools, kind, istio-cni, dive, external-dns, step-issuer, kube-logging-operator, kots, harbor-scanner-trivy, terraform-provider-google, cadvisor-fips, atlantis, helm-fips, kpt, kuberay-operator, weaviate, restic, q...
Grafana Information Disclosure Vulnerability (CNVD-2021-101998)
Grafana is a set of open source monitoring tools from Grafana Labs that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, etc. An information disclosure vulnerability exists in Grafana Agent versions 0.20.1 and earlier an...
[ASA-202112-12] grafana-agent: information disclosure
Arch Linux Security Advisory ASA-202112-12 ========================================== Severity: High Date : 2021-12-11 CVE-ID : CVE-2021-41090 Package : grafana-agent Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-2614 Summary ======= The package grafana-agen...