apk package
chainguard/grafana-9.3
pkg:apk/chainguard/grafana-9.3
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-49568 | — | < 9.3.16-r8 | 9.3.16-r8 | Jan 12, 2024 | A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. A | ||
| CVE-2023-48795 | Med | 5.9 | < 9.3.16-r6 | 9.3.16-r6 | Dec 18, 2023 | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end | |
| CVE-2023-39325 | — | < 9.3.16-r3 | 9.3.16-r3 | Oct 11, 2023 | A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attack | ||
| CVE-2023-44487 | Hig | 7.5 | KEV | < 9.3.16-r3 | 9.3.16-r3 | Oct 10, 2023 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
| CVE-2023-3978 | — | < 9.3.16-r3 | 9.3.16-r3 | Aug 2, 2023 | Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack. | ||
| CVE-2023-37788 | — | < 0 | 0 | Jul 18, 2023 | goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service (DoS) via unspecified vectors. | ||
| CVE-2019-3826 | — | < 0 | 0 | Mar 26, 2019 | A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scri |
- CVE-2023-49568Jan 12, 2024affected < 9.3.16-r8fixed 9.3.16-r8
A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. A
- affected < 9.3.16-r6fixed 9.3.16-r6
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end
- CVE-2023-39325Oct 11, 2023affected < 9.3.16-r3fixed 9.3.16-r3
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attack
- affected < 9.3.16-r3fixed 9.3.16-r3
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
- CVE-2023-3978Aug 2, 2023affected < 9.3.16-r3fixed 9.3.16-r3
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
- CVE-2023-37788Jul 18, 2023affected < 0fixed 0
goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service (DoS) via unspecified vectors.
- CVE-2019-3826Mar 26, 2019affected < 0fixed 0
A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scri