bind (SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSS package bind, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (24)
CVE-2021-3918 — CVSS 9.8 (critical): json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2020-8625 — CVSS 8.1 (high): BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which…
CVE-2021-43138 — CVSS 7.8 (high): In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js…
CVE-2022-36062 — CVSS 7.6 (high): Grafana is an open-source platform for monitoring and observability. In versions prior to 8.5.13, 9.0.9, and 9.1.6, Grafana is subject to…
CVE-2020-7753 — CVSS 7.5 (high): All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
CVE-2021-25215 — CVSS 7.5 (high): In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview…
CVE-2022-27664 — CVSS 7.5 (high): In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang…
CVE-2022-32149 — CVSS 7.5 (high): An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to…
CVE-2022-38177 — CVSS 7.5 (high): By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is…
CVE-2022-38178 — CVSS 7.5 (high): By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is…
CVE-2022-41715 — CVSS 7.5 (high): Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed…
CVE-2023-2828 — CVSS 7.5 (high): Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has…
CVE-2023-3341 — CVSS 7.5 (high): The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth…
CVE-2022-31097 — CVSS 7.3 (high): Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and…
CVE-2022-31107 — CVSS 7.1 (high): Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible…
CVE-2022-35957 — CVSS 6.6 (medium): Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation…
CVE-2021-25214 — CVSS 6.5 (medium): In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9…
CVE-2022-0155 — CVSS 6.5 (medium): follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
CVE-2023-1410 — CVSS 6.2 (medium): Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite…
CVE-2022-46146 — CVSS 6.2 (medium): Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a…
CVE-2022-2795 — CVSS 5.3 (medium): By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance…
CVE-2023-1387 — CVSS 4.2 (medium): Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search…