39 matches found
OPENSUSE-SU-2026:11040-1 grafana-11.6.14+security04-4.1 on GA media
These are all security issues fixed in the grafana-11.6.14+security04-4.1 package on the GA media of openSUSE Tumbleweed...
MiracleLinux 8 : grafana-9.2.10-29.el8_10 (AXSA:2026-458:09)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-458:09 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 Tenable has extracted the preceding description block directly from the MiracleLinu...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the provisioning contact points API. An attacker can modify protected webhook URLs without possessing the required permissions by sending crafted requests as a user with the Editor role. Remediation Upgrade...
MiracleLinux 9 : grafana-10.2.6-4.el9 (AXSA:2024-9212:19)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9212:19 advisory. golang: net: malformed DNS message can cause infinite loop CVE-2024-24788 golang: archive/zip: Incorrect handling of certain ZIP files CVE-2024-2478...
MiracleLinux 8 : grafana-7.5.11-3.el8 (AXSA:2022-3704:04)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2022-3704:04 advisory. grafana: OAuth account takeover CVE-2022-31107 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. Note...
CVE-2026-22643
...
Security update for grafana
This update for grafana fixes the following issues: grafana was updated from version 11.5.5 to 11.5.10: Security issues fixed: CVE-2025-64751: Dropped experimental implementation of authorization Zanzana server/client version 11.5.10 bsc1254113 CVE-2025-47911: Fixed parsing HTML documents version...
OPENSUSE-SU-2025:15610-1 grafana-11.6.6-1.1 on GA media
These are all security issues fixed in the grafana-11.6.6-1.1 package on the GA media of openSUSE Tumbleweed...
Linux Distros Unpatched Vulnerability : CVE-2019-19499
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana = 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source...
Linux Distros Unpatched Vulnerability : CVE-2018-18623
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana 5.3.1 has XSS via the Dashboard Text Panel screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099. CVE-2018-18623 Note that...
OPENSUSE-SU-2025:15226-1 grafana-11.6.3-1.1 on GA media
These are all security issues fixed in the grafana-11.6.3-1.1 package on the GA media of openSUSE Tumbleweed...
Grafana 11.2.x < 11.2.3+security-01 Incorrect Privilege Assignment
According to its self-reported version, the Grafana install hosted on the remote host is 11.2.x earlier than 11.2.3+security-01, or 11.3.x earlier than 11.3.0+security-01. It is, therefore, affected by a incorrect privilege assignment vulnerability. Note that the scanner has not tested for these...
Grafana 11.2.x < 11.2.10 Improper Access Control
According to its self-reported version, the Grafana install hosted on the remote host is earlier than 10.4.19, or 11.2.x earlier than 11.2.10, or 11.3.x earlier than 11.3.7, or 11.4.x earlier than 11.4.5, or 11.5.x earlier than 11.5.5, or 11.6.x earlier than 11.6.2, or 12.0.x earlier than 12.0.1...
Grafana 10.2.x < 10.2.6 Authorization Bypass Through User-controlled Key
According to its self-reported version, the Grafana install hosted on the remote host is 9.5.x earlier than 9.5.18, or 10.0.x earlier than 10.0.13, or 10.1.x earlier than 10.1.9, or 10.2.x earlier than 10.2.6, or 10.3.x earlier than 10.3.5. It is, therefore, affected by a authorization bypass...
Grafana 11.1.x < 11.2.8+security-01 Cross-site Scripting
According to its self-reported version, the Grafana install hosted on the remote host is 11.1.x earlier than 11.2.8+security-01, or 11.1.x earlier than 11.3.5+security-01, or 11.1.x earlier than 11.4.3+security-01, or 11.1.x earlier than 11.5.3+security-01, or 11.1.x earlier than...
Grafana 10.3.x < 10.3.4 Improper Privilege Management
According to its self-reported version, the Grafana install hosted on the remote host is 8.5.x earlier than 9.5.7, or 10.0.x earlier than 10.0.12, or 10.1.x earlier than 10.1.8, or 10.2.x earlier than 10.2.5, or 10.3.x earlier than 10.3.4. It is, therefore, affected by a improper privilege...
Grafana 10.1.x < 10.1.7 Incorrect Authorization
According to its self-reported version, the Grafana install hosted on the remote host is 9.5.x earlier than 9.5.16, or 10.0.x earlier than 10.0.11, or 10.1.x earlier than 10.1.7, or 10.2.x earlier than 10.2.4, or 10.3.x earlier than 10.3.3. It is, therefore, affected by a incorrect authorization...
Grafana 11.4.x < 11.4.4 Cross-site Scripting
According to its self-reported version, the Grafana install hosted on the remote host is earlier than 10.4.18, or 11.2.x earlier than 11.2.9, or 11.3.x earlier than 11.3.6, or 11.4.x earlier than 11.4.4, or 11.5.x earlier than 11.5.4, or 11.6.x earlier than 11.6.1. It is, therefore, affected by a...
Grafana 11.3.x < 11.3.7 Improper Access Control
According to its self-reported version, the Grafana install hosted on the remote host is earlier than 10.4.19, or 11.2.x earlier than 11.2.10, or 11.3.x earlier than 11.3.7, or 11.4.x earlier than 11.4.5, or 11.5.x earlier than 11.5.5, or 11.6.x earlier than 11.6.2, or 12.0.x earlier than 12.0.1...
Grafana 11.5.x < 11.5.5 Improper Access Control
According to its self-reported version, the Grafana install hosted on the remote host is earlier than 10.4.19, or 11.2.x earlier than 11.2.10, or 11.3.x earlier than 11.3.7, or 11.4.x earlier than 11.4.5, or 11.5.x earlier than 11.5.5, or 11.6.x earlier than 11.6.2, or 12.0.x earlier than 12.0.1...