E-series Performance Analyzer Security Vulnerabilities and Issues — E-series Performance Analyzer CVE List

Lucene search

NetappE-series Performance Analyzer

9 matches found

CVE•added 2022/07/15 1:15 p.m.•1443 views

CVE-2022-31107

Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of an...

7.5CVSS7.1AI score0.00479EPSS

CVE•added 2022/02/08 9:15 p.m.•1150 views

CVE-2022-21703

Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Edito...

8.8CVSS7.3AI score0.01791EPSS

CVE•added 2022/02/08 9:15 p.m.•1101 views

CVE-2022-21713

Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. /teams/:teamId will allow an authenticated attacker to view unintended data by querying for the specific team ID, /teams/:...

4.3CVSS6.2AI score0.00102EPSS

Web

CVE•added 2022/02/08 8:15 p.m.•1023 views

CVE-2022-21702

Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The att...

6.5CVSS6.5AI score0.00703EPSS

CVE•added 2022/10/13 10:15 p.m.•680 views

CVE-2022-31123

Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are n...

7.8CVSS6.6AI score0.00009EPSS

CVE•added 2022/11/09 7:15 a.m.•490 views

CVE-2022-45061

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often su...

7.5CVSS7.7AI score0.00089EPSS

CVE•added 2022/08/24 4:15 p.m.•340 views

CVE-2021-3999

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arb...

7.8CVSS9.2AI score0.0102EPSS

CVE•added 2022/12/07 10:15 p.m.•266 views

CVE-2022-23491

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust sto...

7.5CVSS7AI score0.00041EPSS

CVE•added 2022/07/15 12:15 p.m.•192 views

CVE-2022-31097

Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privile...

8.7CVSS7.5AI score0.51102EPSS