30 matches found
Azure Linux 3.0 Security Update: fluent-bit (CVE-2024-50609)
The version of fluent-bit installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-50609 advisory. - An issue was discovered in Fluent Bit 3.1.9. When the OpenTelemetry input plugin is running and listenin...
CVE-2024-50608 affecting package fluent-bit for versions less than 3.1.9-3
CVE-2024-50608 affecting package fluent-bit for versions less than 3.1.9-3. A patched version of the package is available...
CVE-2024-50609 affecting package fluent-bit for versions less than 3.0.6-2
CVE-2024-50609 affecting package fluent-bit for versions less than 3.0.6-2. A patched version of the package is available...
CVE-2024-50608 affecting package fluent-bit for versions less than 3.0.6-2
CVE-2024-50608 affecting package fluent-bit for versions less than 3.0.6-2. A patched version of the package is available...
CVE-2024-50609
An issue was discovered in Fluent Bit 3.1.9. When the OpenTelemetry input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user with access to the...
CVE-2024-28182 affecting package fluent-bit for versions less than 3.0.6-1
CVE-2024-28182 affecting package fluent-bit for versions less than 3.0.6-1. A patched version of the package is available...
CVE-2024-27532 affecting package fluent-bit for versions less than 3.1.9-2
CVE-2024-27532 affecting package fluent-bit for versions less than 3.1.9-2. A patched version of the package is available...
CBL Mariner 2.0 Security Update: fluent-bit (CVE-2024-25431)
The version of fluent-bit installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-25431 advisory. - An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a...
AZL-26918 CVE-2023-32067 affecting package fluent-bit for versions less than 2.1.10-1
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful...
AZL-12968 CVE-2022-46392 affecting package fluent-bit for versions less than 2.0.9-1
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses typically, an untrusted operating system attacking a secure enclave can recover an RSA private key after observing the victim performing a single...