807 matches found
The vulnerability of the set of additional tools and libraries for the Go language, designed for integration with OpenTelemetry-Go Contrib, relates to the distribution of resources without any restrictions or regulations. This allows a malicious actor to cause service failures.
The vulnerability of the set of additional tools and libraries for the Go language, designed for integration with OpenTelemetry, relates to the distribution of resources without any restrictions or regulation when adding the net.peer.sock.addr and net.peer.sock.port tags, which have unrestricted...
GHSA-CXJF-X6JP-P7MC opencv-contrib-python bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863
opencv-contrib-python versions before v4.8.1.78 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. opencv-contrib-python v4.8.1.78 upgrades the bundled libwebp binary to v1.3.2...
a-texam (=1.1.0), aait (>=1.0.4 <=1.0.5) +1255 more potentially affected by CVE-2023-4863 via opencv-contrib-python (>=3.4.11.45 <=4.8.0.76)
opencv-contrib-python PYPI version =3.4.11.45, =1.0.4, =0.0.29, =1.11.4, =0.5.0, =0.1.0, =24.3.2, =1.0.0, =0.3.0, =0.1.0, =0.1.0, =1.0.0, =1.0.3 and more Source cves: CVE-2023-4863 Source advisory: OSV:GHSA-CXJF-X6JP-P7MC...
ailabeler (=0.5.0), aiotieba (>=2.9.0 <=2.10.3) +128 more potentially affected by CVE-2023-4863 via opencv-contrib-python-headless (>=3.4.18.65 <=4.8.0.76)
opencv-contrib-python-headless PYPI version =3.4.18.65, =2.9.0, =0.1.0, =1.2.0, =0.1.0, =0.1.11, =1.0.0, =5.4.1, =0.0.1, =0.1.9, =0.1.1, =0.1.2, =0.1.4 and more Source cves: CVE-2023-4863 Source advisory: OSV:GHSA-W2PJ-9CGH-MQ2C...
GHSA-W2PJ-9CGH-MQ2C opencv-contrib-python-headless bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863
opencv-contrib-python-headless versions before v4.8.1.78 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. opencv-contrib-python-headless v4.8.1.78 upgrades the bundled libwebp binary to v1.3.2...
GO-2024-3102 OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability in github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver
OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability in github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver...
Advanced Varnish - Moderately critical - Access bypass - SA-CONTRIB-2024-033
This module enables you to cache pages for logged in users at the Varnish level. The Varnish bin names may be guessable when no hashing noise configuration is set on the module configuration page, which would ultimately allow any user to view cached pages that were intended for other roles when...
Opigno Learning path - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-029
The Opigno Learning Path module enables you to manage group content. Administrative forms allow uploading malicious files which may contain arbitrary code RCE or cross site scriptiong XSS. These forms were not adequately controlled with permissions that communicate the severity of the permission...
View Password - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-026
The View Password module enables you to add a help icon button next to the password input field to toggle the password visibility. The administrative user is allowed to add classes to this icon for styling purposes. The module doesn't validate the content of classes. A malicious user with access ...
GHSA-V23V-6JW2-98FQ vulnerabilities
Vulnerabilities for packages: harbor-scanner-trivy, kots, dive, newrelic-infrastructure-agent, apko, ctop, nerdctl, bom, vexctl, helm-push, flux-helm-controller, helm, dagger, up, dagdotdev, melange, skaffold, cadvisor, opentelemetry-collector, argo-workflows, aactl, timoni, trivy, helm-operator,...
CBL Mariner 2.0 Security Update: cri-tools / docker-buildx / kubernetes / opa / prometheus (CVE-2023-45142)
The version of cri-tools / docker-buildx / kubernetes / opa / prometheus installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45142 advisory. - OpenTelemetry-Go Contrib is a collection of third-party...
CBL Mariner 2.0 Security Update: containerd / cri-tools / docker-buildx / docker-compose / moby-containerd-cc (CVE-2023-47108)
The version of containerd / cri-tools / docker-buildx / docker-compose / moby-containerd-cc installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-47108 advisory. - OpenTelemetry-Go Contrib is a collecti...
CVE-2024-35255 vulnerabilities
Vulnerabilities for packages: fulcio, sigstore-scaffolding, hugo, flyte, rekor, trino, spire-server, flux-kustomize-controller, nuclei, terragrunt, py3-azure-identity, secrets-store-csi-driver-provider-azure, step-ca, up, velero, tempo, opentelemetry-collector, argo-workflows,...
GHSA-87M9-RV8P-RGMG vulnerabilities
Vulnerabilities for packages: opentelemetry-collector, spicedb, opentelemetry-collector-contrib, datadog-agent, tempo...
Amazon Linux 2023 : postgresql15, postgresql15-contrib, postgresql15-llvmjit (ALAS2023-2024-635)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-635 advisory. postgresql: PostgreSQL pgstatsext and pgstatsextexprs lack authorization checks CVE-2024-4317 Tenable has extracted the preceding description block directly from the tested product security advisory. No...
Denial Of Service (DoS)
rack-contrib is vulnerable to a Denial Of Service DoS. The vulnerability is due to the user-controlled profilerruns parameter not being constrained, which allows an attacker to allocate resources on the server side without limitation, resulting in Denial of Service...
Migrate queue importer - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-024
The Migrate queue importer module enables you to create cron migrationsconfiguration entities with a reference towards migration entities in order to import them during cron runs. The module doesn't sufficiently protect against Cross Site Request Forgery under specific scenarios allowing an...
Drupal REST & JSON API Authentication - Moderately critical - Access bypass - SA-CONTRIB-2024-022
Drupal REST & JSON API Authentication module restricts and secures unauthorized access to your Drupal site APIs using different authentication methods including Basic Authentication , API Key Authentication , JWT Authentication , OAuth Authentication , External / Third-Party Provider...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the unconstrained value of the incoming profilerruns parameter. An attacker can cause the server to allocate excessive resources, leading to a denial of service by sending...
CVE-2024-35231
rack-contrib provides contributed rack middleware and utilities for Rack, a Ruby web server interface. Versions of rack-contrib prior to 2.5.0 are vulnerable to denial of service due to the fact that the user controlled data profilerruns was not constrained to any limitation. This would lead to...