Max CVSS 6.4 Min CVSS 4.3 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2020-13379 6.4
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can b
29-01-2021 - 16:41 03-06-2020 - 19:15
CVE-2020-12245 4.3
Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip.
10-10-2020 - 18:15 24-04-2020 - 21:15
CVE-2019-15043 5.0
In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.
04-10-2020 - 18:15 03-09-2019 - 12:15
CVE-2019-10215 4.3
Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter() function. An attacker could exploit this via user interaction to execute code in the user's browser.
28-07-2020 - 00:15 08-10-2019 - 19:15
CVE-2019-0102 5.8
Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
28-07-2020 - 00:15 18-02-2019 - 17:29
Back to Top Mark selected
Back to Top