Security Bulletin: IBM Storage Ceph is vulnerable to assorted vulnerabilities in Grafana
Description

Summary

Moby is used by IBM Storage Ceph in Grafana as part of Metrics. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2021-21285, CVE-2021-31525, CVE-2021-3121, CVE-2022-34038, CVE-2021-41103, CVE-2021-41089, CVE-2020-29652, CVE-2022-27536, CVE-2021-44716, CVE-2023-28842, CVE-2021-21284, CVE-2021-30465, CVE-2018-16875, CVE-2021-32760, CVE-2020-15257, CVE-2022-24769, CVE-2022-21698, CVE-2021-41091, CVE-2022-36109, CVE-2022-27191, CVE-2021-43565.

Vulnerability Details

**CVEID:** CVE-2021-21285
**DESCRIPTION:** Docker is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to pull a specially-crafted Docker image, a remote attacker could exploit this vulnerability to cause the dockerd daemon to crash, resulting in a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196049 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2021-31525
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted header to ReadRequest or ReadResponse. Server, Transport, and Client, a remote attacker could exploit this vulnerability to cause a (panic) denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202709 for the current score.
CVSS Vector:…
