VYPR

rpm package

almalinux/grafana-selinux

pkg:rpm/almalinux/grafana-selinux

Vulnerabilities (25)

  • CVE-2024-24789Jun 5, 2024
    affected < 9.2.10-17.el8_10fixed 9.2.10-17.el8_10

    The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip pac

  • CVE-2024-24790Jun 5, 2024
    affected < 9.2.10-17.el8_10fixed 9.2.10-17.el8_10

    The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.

  • CVE-2024-24788MedMay 8, 2024
    affected < 9.2.10-17.el8_10fixed 9.2.10-17.el8_10

    A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.

  • CVE-2024-1313MedMar 26, 2024
    affected < 9.2.10-16.el9_4.alma.1fixed 9.2.10-16.el9_4.alma.1

    It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE request to /api/snapshots/ using its view key. This functionality is intended to only be available to individuals with the per

  • CVE-2024-1394HigMar 21, 2024
    affected < 9.2.10-16.el9_4.alma.1fixed 9.2.10-16.el9_4.alma.1

    A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and

Page 2 of 2