CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2151 matches found

OSV•added 2021/12/10 9:15 p.m.•25 views

CVE-2021-43815

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerabili...

4.3CVSS6.5AI score

Exploits0References7

OSV•added 2021/12/10 9:15 p.m.•1 views

UBUNTU-CVE-2021-43815

4.3CVSS6.9AI score0.01202EPSS

Exploits0References8

Prion•added 2021/12/10 9:15 p.m.•25 views

Directory traversal

3.5CVSS4.7AI score0.01202EPSS

Exploits0References7Affected Software1

UbuntuCve•added 2021/12/10 9:15 p.m.•25 views

CVE-2021-43815

4.3CVSS6.7AI score0.01202EPSS

Exploits0References7

CVE•added 2021/12/10 8:40 p.m.•186 views

CVE-2021-43815

CVE-2021-43815 affects Grafana where an authenticated user could perform a directory traversal to read arbitrary *.csv files via the /api/ds/query path. Affected versions are Grafana 8.0.0-beta3 through 8.3.1 (and related impact notes). The issue is limited to instances with the TestData DB data ...

4.3CVSS4.8AI score0.01202EPSS

Exploits0References7Affected Software1

AlpineLinux•added 2021/12/10 8:40 p.m.•33 views

CVE-2021-43815

4.3CVSS4.9AI score0.01202EPSS

Exploits0

Prion•added 2021/12/10 6:15 p.m.•24 views

Directory traversal

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension...

4CVSS4.5AI score0.06405EPSS

Exploits0References8Affected Software1

UbuntuCve•added 2021/12/10 6:15 p.m.•36 views

CVE-2021-43813

4.3CVSS6.8AI score0.06405EPSS

Exploits0References8

OSV•added 2021/12/10 6:15 p.m.•1 views

UBUNTU-CVE-2021-43813

4.3CVSS6.9AI score0.06405EPSS

Exploits0References9

AlpineLinux•added 2021/12/10 5:30 p.m.•55 views

CVE-2021-43813

4.3CVSS5.3AI score0.06405EPSS

Exploits0

CNNVD•added 2021/12/10 12:0 a.m.•1 views

Grafana 路径遍历漏洞

Grafana is Grafana open source set of open source monitoring tools that provide a visual monitoring interface . The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus. Grafana suffers from a path traversal vulnerability that stems from the fact that Grafana prior to...

4.3CVSS7AI score0.06405EPSS

Exploits0References20

RedHat Linux•added 2021/11/30 2:28 p.m.•3 views

tomcat: HTTP request smuggling when used with a reverse proxy

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer...

5.3CVSS7.2AI score0.01865EPSS

Exploits1References4

RedHat Linux•added 2021/11/30 2:25 p.m.•3 views

tomcat: HTTP request smuggling when used with a reverse proxy

5.3CVSS7.2AI score0.01865EPSS

Exploits1References4

OSV•added 2021/11/23 9:58 p.m.•33 views

GHSA-3HFW-X7GX-437C Path traversal in Matrix Synapse

Impact Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory, potentially outside the media store directory. The last two directories and file name of the path are chosen randomly by Synapse and cannot be...

8.7CVSS7.4AI score0.00545EPSS

Exploits0References8

OSV•added 2021/11/23 8:15 p.m.•11 views

CVE-2021-41281

Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. T...

7.5CVSS7.7AI score

Exploits0References5