Security Bulletin: IBM Storage Ceph is vulnerable to Improper Synchronization in Grafana (CVE-2023-2801)

Summary Grafana is used by IBM Storage Ceph as a monitoring dashboard. CVE-2023-2801 This bulletin identifies the steps to take to address the vulnerability in Grafana. Vulnerability Details CVEID:CVE-2023-2801 DESCRIPTION: Grafana is vulnerable to a denial of service, caused by a proxy race...

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Synchronization in Grafana (CVE-2023-2801)

Summary Grafana is used by IBM Storage Ceph as a monitoring dashboard. CVE-2023-2801 This bulletin identifies the steps to take to address the vulnerability in Grafana. Vulnerability Details CVEID: CVE-2023-2801 DESCRIPTION: Grafana is vulnerable to a denial of service, caused by a proxy race...

OESA-2021-1402 golang security update

The go programming language Security Fixes: Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection e.g., XSS that does not conform to the RFC1035 format.CVE-2021-33195 In...

golang: data race in certain net/http servers including ReverseProxy can lead to DoS

A flaw was found Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability...