docker.io/percona/pmm-server:3 linux/amd64

严重

v0.27.0

0.31.0

golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto

镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301

发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15

golang.org/x/net

高危

v0.29.0

0.33.0

golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301

发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16

usr/bin/clickhouse-diagnostics (gobinary)

低危漏洞:0

中危漏洞:15

高危漏洞:5

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2024-24790	严重	1.19.10	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
stdlib	CVE-2023-39325	高危	1.19.10	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45287	高危	1.19.10	1.20.0	golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45287 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2023-12-05 17:15 修改: 2024-01-12 14:15
stdlib	CVE-2023-45288	高危	1.19.10	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.19.10	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
stdlib	CVE-2023-29406	中危	1.19.10	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.19.10	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.19.10	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.19.10	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.19.10	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.19.10	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.19.10	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.19.10	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.19.10	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.19.10	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.19.10	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.19.10	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.19.10	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.19.10	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.19.10	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

usr/bin/grafana-cli (gobinary)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

usr/bin/percona-telemetry-agent (gobinary)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

usr/local/percona/pmm/bin/pmm-admin (gobinary)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

usr/local/percona/pmm/bin/pmm-agent (gobinary)

低危漏洞:0

中危漏洞:0

高危漏洞:1

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/net	CVE-2024-45338	高危	v0.31.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

golang.org/x/net

高危

v0.31.0

0.33.0

golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301

发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16

usr/local/percona/pmm/bin/pmm-agent-entrypoint (gobinary)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

usr/local/percona/pmm/exporters/azure_exporter (gobinary)

低危漏洞:0

中危漏洞:1

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/protobuf	CVE-2024-24786	中危	v1.28.1	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

google.golang.org/protobuf

CVE-2024-24786

中危

v1.28.1

1.33.0

golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786

镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301

发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35

usr/local/percona/pmm/exporters/mongodb_exporter (gobinary)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

usr/local/percona/pmm/exporters/mysqld_exporter (gobinary)

低危漏洞:0

中危漏洞:0

高危漏洞:1

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/net	CVE-2024-45338	高危	v0.23.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

golang.org/x/net

高危

v0.23.0

0.33.0

golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301

发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16

usr/local/percona/pmm/exporters/node_exporter (gobinary)

低危漏洞:0

中危漏洞:0

高危漏洞:1

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/crypto	CVE-2024-45337	严重	v0.27.0	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15
golang.org/x/net	CVE-2024-45338	高危	v0.25.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

golang.org/x/crypto

严重

v0.27.0

0.31.0

golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto

镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301

发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15

golang.org/x/net

高危

v0.25.0

0.33.0

golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301

发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16

usr/local/percona/pmm/exporters/postgres_exporter (gobinary)

低危漏洞:0

中危漏洞:0

高危漏洞:1

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/net	CVE-2024-45338	高危	v0.29.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

golang.org/x/net

高危

v0.29.0

0.33.0

golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301

发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16

usr/local/percona/pmm/exporters/proxysql_exporter (gobinary)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

usr/local/percona/pmm/exporters/rds_exporter (gobinary)

低危漏洞:0

中危漏洞:1

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/protobuf	CVE-2024-24786	中危	v1.28.1	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

google.golang.org/protobuf

CVE-2024-24786

中危

v1.28.1

1.33.0

golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786

镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301

发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35

usr/local/percona/pmm/exporters/vmagent (gobinary)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

usr/local/percona/pmm/tools/nomad (gobinary)

低危漏洞:1

中危漏洞:0

高危漏洞:1

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/crypto	CVE-2024-45337	严重	v0.27.0	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15
golang.org/x/net	CVE-2024-45338	高危	v0.26.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
github.com/golang-jwt/jwt/v4	CVE-2024-51744	低危	v4.5.0	4.5.1	golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-11-04 22:15 修改: 2024-11-05 16:04

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

golang.org/x/crypto

严重

v0.27.0

0.31.0

golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto

镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301

发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15

golang.org/x/net

高危

v0.26.0

0.33.0

golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301

发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16

github.com/golang-jwt/jwt/v4

CVE-2024-51744

低危

v4.5.0

4.5.1

golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744

镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301

发布日期: 2024-11-04 22:15 修改: 2024-11-05 16:04

usr/local/percona/pmm/tools/pt-mongodb-summary (gobinary)

低危漏洞:0

中危漏洞:1

高危漏洞:0

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/crypto	CVE-2024-45337	严重	v0.7.0	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15
golang.org/x/crypto	CVE-2023-48795	中危	v0.7.0	0.17.0	ssh: Prefix truncation attack on Binary Packet Protocol (BPP) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2023-12-18 16:15 修改: 2024-12-02 14:54

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

golang.org/x/crypto

严重

v0.7.0

0.31.0

golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto

镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301

发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15

golang.org/x/crypto

CVE-2023-48795

中危

v0.7.0

0.17.0

ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795

镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301

发布日期: 2023-12-18 16:15 修改: 2024-12-02 14:54

usr/local/percona/pmm/tools/pt-pg-summary (gobinary)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

usr/sbin/grafana (gobinary)

低危漏洞:2

中危漏洞:2

高危漏洞:1

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/grafana/grafana-plugin-sdk-go	CVE-2024-8986	严重	v0.234.0	0.250.0	grafana-plugin-sdk-go: Information Leakage in grafana-plugin-sdk-go 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8986 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-09-19 11:15 修改: 2024-09-20 12:30
golang.org/x/crypto	CVE-2024-45337	严重	v0.24.0	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15
golang.org/x/net	CVE-2024-45338	高危	v0.26.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
filippo.io/age	GHSA-32gq-x56h-299c	中危	v1.1.1	1.2.1	age vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution 漏洞详情: https://github.com/advisories/GHSA-32gq-x56h-299c 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/rs/cors	GHSA-mh55-gqvf-xfwm	中危	v1.10.1	1.11.0	Denial of service via malicious preflight requests in github.com/rs/cors 漏洞详情: https://github.com/advisories/GHSA-mh55-gqvf-xfwm 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/golang-jwt/jwt/v4	CVE-2024-51744	低危	v4.5.0	4.5.1	golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-11-04 22:15 修改: 2024-11-05 16:04
google.golang.org/grpc	GHSA-xr7q-jx4m-x55m	低危	v1.64.0	1.64.1	Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go 漏洞详情: https://github.com/advisories/GHSA-xr7q-jx4m-x55m 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

usr/sbin/grafana-server (gobinary)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

usr/sbin/percona-qan-api2 (gobinary)

低危漏洞:0

中危漏洞:0

高危漏洞:1

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/net	CVE-2024-45338	高危	v0.31.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

golang.org/x/net

高危

v0.31.0

0.33.0

golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301

发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16

usr/sbin/pmm-dump (gobinary)

低危漏洞:1

中危漏洞:15

高危漏洞:6

严重漏洞:3

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/grafana/grafana	CVE-2018-15727	严重	v0.0.0-20240319182150-590c657828b5	4.6.4, 5.2.3	grafana: authentication bypass knowing only a username of an LDAP or OAuth user 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-15727 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2018-08-29 15:29 修改: 2019-03-05 17:26
github.com/grafana/grafana	CVE-2023-3128	严重	v0.0.0-20240319182150-590c657828b5	9.4.13, 9.3.16, 9.2.20, 8.5.27	grafana: account takeover possible when using Azure AD OAuth 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3128 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2023-06-22 21:15 修改: 2023-07-21 19:19
github.com/grafana/grafana-plugin-sdk-go	CVE-2024-8986	严重	v0.242.0	0.250.0	grafana-plugin-sdk-go: Information Leakage in grafana-plugin-sdk-go 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8986 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-09-19 11:15 修改: 2024-09-20 12:30
github.com/grafana/grafana	CVE-2021-39226	高危	v0.0.0-20240319182150-590c657828b5	7.5.11, 8.1.6	grafana: Snapshot authentication bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39226 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2021-10-05 18:15 修改: 2024-06-28 14:05
github.com/grafana/grafana	CVE-2022-35957	高危	v0.0.0-20240319182150-590c657828b5	9.1.6, 9.0.9, 8.5.13	grafana: Escalation from admin to server admin when auth proxy is used 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-35957 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2022-09-20 23:15 修改: 2023-11-07 03:49
github.com/grafana/grafana	CVE-2022-39307	高危	v0.0.0-20240319182150-590c657828b5	9.2.4, 8.5.15	grafana: User enumeration via forget password 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-39307 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2022-11-09 23:15 修改: 2023-07-14 19:10
github.com/grafana/grafana	CVE-2023-2801	高危	v0.0.0-20240319182150-590c657828b5	9.4.12, 9.5.3	grafana: data source proxy race condition 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2801 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2023-06-06 19:15 修改: 2023-07-06 19:15
github.com/grafana/grafana	CVE-2020-12458	高危	v0.0.0-20240319182150-590c657828b5	7.2.1	grafana: information disclosure through world-readable /var/lib/grafana/grafana.db 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-12458 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2020-04-29 16:15 修改: 2023-11-07 03:15
golang.org/x/net	CVE-2024-45338	高危	v0.27.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
github.com/grafana/grafana	CVE-2018-18623	中危	v0.0.0-20240319182150-590c657828b5	6.0.0-beta1	grafana: XSS vulnerability via the "Dashboard > Text Panel" screen 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-18623 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2020-06-02 17:15 修改: 2022-03-29 19:13
github.com/grafana/grafana	CVE-2018-18624	中危	v0.0.0-20240319182150-590c657828b5	7.0.0	grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-18624 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2020-06-02 17:15 修改: 2020-06-08 13:15
github.com/grafana/grafana	CVE-2018-18625	中危	v0.0.0-20240319182150-590c657828b5	6.0.0-beta1	grafana: XSS vulnerability via a link on the "Dashboard > All Panels > General" screen 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-18625 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2020-06-02 17:15 修改: 2020-06-08 13:15
github.com/grafana/grafana	CVE-2019-13068	中危	v0.0.0-20240319182150-590c657828b5	6.2.5	Grafana Cross-site Scripting vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-13068 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2019-06-30 00:15 修改: 2023-03-27 18:15
github.com/grafana/grafana	CVE-2019-19499	中危	v0.0.0-20240319182150-590c657828b5	6.4.4	grafana: arbitrary file read via MySQL data source 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-19499 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2020-08-28 15:15 修改: 2022-04-28 18:28
github.com/grafana/grafana	CVE-2020-11110	中危	v0.0.0-20240319182150-590c657828b5	6.7.2	grafana: stored XSS 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-11110 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2020-07-27 13:15 修改: 2023-02-10 18:04
github.com/grafana/grafana	CVE-2020-12245	中危	v0.0.0-20240319182150-590c657828b5	6.7.3	grafana: XSS via column.title or cellLinkTooltip 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-12245 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2020-04-24 21:15 修改: 2020-10-10 18:15
github.com/grafana/grafana	CVE-2020-13430	中危	v0.0.0-20240319182150-590c657828b5	7.0.0	grafana: XSS via the OpenTSDB datasource 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-13430 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2020-05-24 18:15 修改: 2023-02-28 15:15
github.com/grafana/grafana	CVE-2020-24303	中危	v0.0.0-20240319182150-590c657828b5	7.1.0-beta1	grafana: XSS via a query alias for the Elasticsearch and Testdata datasource 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24303 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2020-10-28 14:15 修改: 2022-06-03 18:56
github.com/grafana/grafana	CVE-2022-39229	中危	v0.0.0-20240319182150-590c657828b5	8.5.14, 9.1.8	grafana: using email as a username can block other users from signing in 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-39229 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2022-10-13 23:15 修改: 2022-10-19 14:10
github.com/grafana/grafana	CVE-2022-39324	中危	v0.0.0-20240319182150-590c657828b5	9.2.8, 8.5.16	grafana: Spoofing of the originalUrl parameter of snapshots 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-39324 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2023-01-27 23:15 修改: 2023-02-07 20:17
github.com/grafana/grafana	CVE-2023-2183	中危	v0.0.0-20240319182150-590c657828b5	8.5.26, 9.2.19, 9.3.15, 9.4.12, 9.5.3	grafana: missing access control allows test alerts by underprivileged user 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2183 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2023-06-06 19:15 修改: 2023-07-06 19:15
github.com/grafana/grafana	CVE-2023-4822	中危	v0.0.0-20240319182150-590c657828b5		grafana: incorrect assessment of permissions across organizations 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4822 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2023-10-16 09:15 修改: 2024-09-17 02:35
github.com/grafana/grafana	CVE-2018-1000816	中危	v0.0.0-20240319182150-590c657828b5	5.3.2	grafana: Cross site scripting in Influxdb and Graphite query editor 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-1000816 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2018-12-20 15:29 修改: 2019-01-07 21:25
github.com/grafana/grafana	CVE-2018-12099	中危	v0.0.0-20240319182150-590c657828b5	5.2.0-beta1	grafana: Cross-site Scripting (XSS) in dashboard links 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-12099 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2018-06-11 11:29 修改: 2019-04-29 13:31
github.com/grafana/grafana	CVE-2024-10452	低危	v0.0.0-20240319182150-590c657828b5		grafana: Org admin can delete pending invites in different org 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10452 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-10-29 16:15 修改: 2024-11-08 17:59

usr/sbin/pmm-encryption-rotation (gobinary)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

usr/sbin/pmm-managed (gobinary)

低危漏洞:0

中危漏洞:0

高危漏洞:1

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/net	CVE-2024-45338	高危	v0.31.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

golang.org/x/net

高危

v0.31.0

0.33.0

golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301

发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16

usr/sbin/pmm-managed-init (gobinary)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

usr/sbin/pmm-managed-starlark (gobinary)

低危漏洞:0

中危漏洞:0

高危漏洞:1

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/net	CVE-2024-45338	高危	v0.31.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

golang.org/x/net

高危

v0.31.0

0.33.0

golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301

发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16

usr/sbin/victoriametrics (gobinary)

低危漏洞:0

中危漏洞:5

高危漏洞:2

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/crypto	CVE-2024-45337	严重	v0.13.0	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15
golang.org/x/net	CVE-2023-39325	高危	v0.15.0	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
golang.org/x/net	CVE-2024-45338	高危	v0.15.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
github.com/Azure/azure-sdk-for-go/sdk/azidentity	CVE-2024-35255	中危	v1.3.1	1.6.0	azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35255 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-06-11 17:16 修改: 2024-06-20 16:31
golang.org/x/crypto	CVE-2023-48795	中危	v0.13.0	0.17.0	ssh: Prefix truncation attack on Binary Packet Protocol (BPP) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2023-12-18 16:15 修改: 2024-12-02 14:54
golang.org/x/net	CVE-2023-44487	中危	v0.15.0	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
golang.org/x/net	CVE-2023-45288	中危	v0.15.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
google.golang.org/protobuf	CVE-2024-24786	中危	v1.31.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35

usr/sbin/vmalert (gobinary)

低危漏洞:0

中危漏洞:2

高危漏洞:2

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/net	CVE-2023-39325	高危	v0.15.0	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
golang.org/x/net	CVE-2024-45338	高危	v0.15.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
golang.org/x/net	CVE-2023-44487	中危	v0.15.0	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
golang.org/x/net	CVE-2023-45288	中危	v0.15.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35

usr/sbin/vmproxy (gobinary)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

usr/share/percona-dashboards/panels/grafana-clickhouse-datasource/gpx_clickhouse_linux_amd64 (gobinary)

低危漏洞:0

中危漏洞:0

高危漏洞:1

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/grafana/grafana-plugin-sdk-go	CVE-2024-8986	严重	v0.248.0	0.250.0	grafana-plugin-sdk-go: Information Leakage in grafana-plugin-sdk-go 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8986 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-09-19 11:15 修改: 2024-09-20 12:30
golang.org/x/crypto	CVE-2024-45337	严重	v0.27.0	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15
golang.org/x/net	CVE-2024-45338	高危	v0.29.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

github.com/grafana/grafana-plugin-sdk-go

CVE-2024-8986

严重

v0.248.0

0.250.0

grafana-plugin-sdk-go: Information Leakage in grafana-plugin-sdk-go

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8986

镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301

发布日期: 2024-09-19 11:15 修改: 2024-09-20 12:30

golang.org/x/crypto

严重

v0.27.0

0.31.0

golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto

镜像层: sha256:54c187724ff399b84a77cf60533291055961c028a5af4c50f928719c331b2301

发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15

golang.org/x/net

高危

v0.29.0

0.33.0

golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html