rpm package
almalinux/grafana-selinux
pkg:rpm/almalinux/grafana-selinux
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-24789 | — | < 9.2.10-17.el8_10 | 9.2.10-17.el8_10 | Jun 5, 2024 | The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip pac | ||
| CVE-2024-24790 | — | < 9.2.10-17.el8_10 | 9.2.10-17.el8_10 | Jun 5, 2024 | The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. | ||
| CVE-2024-24788 | Med | 5.9 | < 9.2.10-17.el8_10 | 9.2.10-17.el8_10 | May 8, 2024 | A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop. | |
| CVE-2024-1313 | Med | 6.5 | < 9.2.10-16.el9_4.alma.1 | 9.2.10-16.el9_4.alma.1 | Mar 26, 2024 | It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE request to /api/snapshots/ using its view key. This functionality is intended to only be available to individuals with the per | |
| CVE-2024-1394 | Hig | 7.5 | < 9.2.10-16.el9_4.alma.1 | 9.2.10-16.el9_4.alma.1 | Mar 21, 2024 | A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and |
- CVE-2024-24789Jun 5, 2024affected < 9.2.10-17.el8_10fixed 9.2.10-17.el8_10
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip pac
- CVE-2024-24790Jun 5, 2024affected < 9.2.10-17.el8_10fixed 9.2.10-17.el8_10
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.
- affected < 9.2.10-17.el8_10fixed 9.2.10-17.el8_10
A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.
- affected < 9.2.10-16.el9_4.alma.1fixed 9.2.10-16.el9_4.alma.1
It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE request to /api/snapshots/ using its view key. This functionality is intended to only be available to individuals with the per
- affected < 9.2.10-16.el9_4.alma.1fixed 9.2.10-16.el9_4.alma.1
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and
Page 2 of 2