rpm package
suse/bind&distro=SUSE Linux Enterprise Server 15 SP2-LTSS
pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS
Vulnerabilities (28)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-31107 | — | < 9.16.6-150000.12.65.1 | 9.16.6-150000.12.65.1 | Jul 15, 2022 | Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take ove | ||
| CVE-2022-31097 | — | < 9.16.6-150000.12.65.1 | 9.16.6-150000.12.65.1 | Jul 15, 2022 | Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability | ||
| CVE-2021-43138 | — | < 9.16.6-150000.12.65.1 | 9.16.6-150000.12.65.1 | Apr 6, 2022 | In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution. | ||
| CVE-2021-25220 | — | < 9.16.6-150000.12.60.1 | 9.16.6-150000.12.60.1 | Mar 23, 2022 | BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have | ||
| CVE-2022-0155 | — | < 9.16.6-150000.12.65.1 | 9.16.6-150000.12.65.1 | Jan 10, 2022 | follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor | ||
| CVE-2021-3918 | — | < 9.16.6-150000.12.65.1 | 9.16.6-150000.12.65.1 | Nov 13, 2021 | json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | ||
| CVE-2021-3807 | — | < 9.16.6-150000.12.65.1 | 9.16.6-150000.12.65.1 | Sep 17, 2021 | ansi-regex is vulnerable to Inefficient Regular Expression Complexity | ||
| CVE-2020-7753 | — | < 9.16.6-150000.12.65.1 | 9.16.6-150000.12.65.1 | Oct 27, 2020 | All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim(). |
- CVE-2022-31107Jul 15, 2022affected < 9.16.6-150000.12.65.1fixed 9.16.6-150000.12.65.1
Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take ove
- CVE-2022-31097Jul 15, 2022affected < 9.16.6-150000.12.65.1fixed 9.16.6-150000.12.65.1
Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability
- CVE-2021-43138Apr 6, 2022affected < 9.16.6-150000.12.65.1fixed 9.16.6-150000.12.65.1
In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.
- CVE-2021-25220Mar 23, 2022affected < 9.16.6-150000.12.60.1fixed 9.16.6-150000.12.60.1
BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have
- CVE-2022-0155Jan 10, 2022affected < 9.16.6-150000.12.65.1fixed 9.16.6-150000.12.65.1
follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
- CVE-2021-3918Nov 13, 2021affected < 9.16.6-150000.12.65.1fixed 9.16.6-150000.12.65.1
json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
- CVE-2021-3807Sep 17, 2021affected < 9.16.6-150000.12.65.1fixed 9.16.6-150000.12.65.1
ansi-regex is vulnerable to Inefficient Regular Expression Complexity
- CVE-2020-7753Oct 27, 2020affected < 9.16.6-150000.12.65.1fixed 9.16.6-150000.12.65.1
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
Page 2 of 2