[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

Paid content will be excluded from the download.


Download | Alert*
OVAL

ELSA-2022-8057 -- Oracle grafana

ID: oval:org.secpod.oval:def:87148Date: (C)2023-02-02   (M)2024-02-26
Class: PATCHFamily: unix




[7.5.15-3] - resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions - resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header - resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working - resolve CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read - resolve CVE-2022-30630 golang: io/fs: stack exhaustion in Glob - resolve CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob - resolve CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode - resolve CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip - resolve CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal [7.5.15-2] - resolve CVE-2022-31107 grafana: OAuth account takeover [7.5.15-1] - update to 7.5.15 tagged upstream community sources, see CHANGELOG - resolve CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources - resolve CVE-2022-21702 grafana: XSS vulnerability in data source handling - resolve CVE-2022-21703 grafana: CSRF vulnerability can lead to privilege escalation - resolve CVE-2022-21713 grafana: IDOR vulnerability can lead to information disclosure - resolve CVE-2021-23648 sanitize-url: XSS - resolve CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter - declare Node.js dependencies of subpackages - make vendor and webpack tarballs reproducible [7.5.11-3] - use HMAC-SHA-256 instead of SHA-1 to generate password reset tokens - update FIPS tests in check phase [7.5.11-2] - resolve CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache - resolve CVE-2021-43813 grafana: directory traversal vulnerability for *.md files [7.5.11-1] - update to 7.5.11 tagged upstream community sources, see CHANGELOG - resolve CVE-2021-39226

Platform:
Oracle Linux 9
Product:
grafana
Reference:
ELSA-2022-8057
CVE-2022-21698
CVE-2022-21713
CVE-2022-32148
CVE-2022-21673
CVE-2022-21702
CVE-2022-30630
CVE-2022-1962
CVE-2022-30631
CVE-2021-23648
CVE-2022-1705
CVE-2022-21703
CVE-2022-28131
CVE-2022-30635
CVE-2022-30632
CVE-2022-30633
CVE    15
CVE-2021-23648
CVE-2022-21713
CVE-2022-21703
CVE-2022-21702
...
CPE    4
cpe:/a:grafana:grafana
cpe:/a:grafana:grafana:2.0.0:beta3
cpe:/a:grafana:grafana:2.0.0:beta1
cpe:/o:oracle:linux:9
...

© SecPod Technologies