EUVD-2023-2802

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-25151

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhtt...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.15.32 bug fix and security update

Red Hat OpenShift Container Platform release 4.15.32 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...

CBL Mariner 2.0 Security Update: cri-tools / docker-buildx / kubernetes / opa / prometheus (CVE-2023-45142)

The version of cri-tools / docker-buildx / kubernetes / opa / prometheus installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45142 advisory. - OpenTelemetry-Go Contrib is a collection of third-party...

CBL Mariner 2.0 Security Update: containerd / cri-tools / docker-buildx / docker-compose / moby-containerd-cc (CVE-2023-47108)

The version of containerd / cri-tools / docker-buildx / docker-compose / moby-containerd-cc installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-47108 advisory. - OpenTelemetry-Go Contrib is a collecti...

RHEL 8 : opentelemetry-go-contrib (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - opentelemetry-go-contrib: DoS vulnerability in otelgrpc due to unbound cardinality metrics CVE-2023-47108 Note that...

Fedora 40 : caddy (2024-19d093c14d)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-19d093c14d advisory. Automatic update for caddy-2.7.6-1.fc40. Changelog Fri Feb 9 2024 Carl George - 2.7.6-1 - Update to version 2.7.6 rhbz2253698 - Includes fix for CVE-2023-451...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.5 bug fix and security update

Red Hat OpenShift Container Platform release 4.15.5 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...

Amazon Linux 2 : cri-tools (ALAS-2024-2446)

The version of cri-tools installed on the remote host is prior to 1.29.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2446 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read ma...

Amazon Linux 2 : containerd (ALASNITRO-ENCLAVES-2024-037)

The version of containerd installed on the remote host is prior to 1.7.11-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2024-037 advisory. 2024-02-15: CVE-2023-39326 was added to this advisory. 2024-02-15: CVE-2023-47108 was added to this...

Important: cri-tools

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

RHCOS 4 : OpenShift Container Platform 4.12.48 (RHSA-2024:0489)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0489 advisory. - opentelemetry-go-contrib: DoS vulnerability in otelgrpc due to unbound cardinality metrics CVE-2023-47108 Note that Nessus has not tested f...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.13.30 security update

Red Hat OpenShift Container Platform release 4.13.30 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...

RHCOS 4 : OpenShift Container Platform 4.14.9 (RHSA-2024:0207)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0207 advisory. - cri-o: Pods are able to break out of resource confinement on cgroupv2 CVE-2023-6476 - opentelemetry-go-contrib: DoS vulnerability ...

Amazon Linux 2 : amazon-cloudwatch-agent (ALAS-2024-2424)

The version of amazon-cloudwatch-agent installed on the remote host is prior to 1.300032.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2424 advisory. 2024-02-29: CVE-2023-47108 was added to this advisory. The HTTP/2 protocol allows a denial of service...

otelgrpc DoS vulnerability due to unbound cardinality metrics

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the server's potential memory exhaustio...

UBUNTU-CVE-2023-47108

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...

CVE-2023-47108

The CVE-2023-47108 issue affects OpenTelemetry-Go Contrib's grpc Unary Server Interceptor in versions >=0.37.0 and

OpenTelemetry-Go Contrib Security Vulnerability

OpenTelemetry-Go Contrib is a collection of OpenTelemetry Go extensions open-sourced by OpenTelemetry. A security vulnerability exists in versions prior to OpenTelemetry-Go Contrib 0.46.0 that stems from a potential server memory exhaustion when sending a large number of malicious requests...

PT-2023-9340 · Unknown +2 · Opentelemetry-Go Contrib +2

Name of the Vulnerable Software and Affected Versions: OpenTelemetry-Go Contrib versions prior to 0.46.0 Description: The issue is related to the grpc Unary Server Interceptor adding labels net.peer.sock.addr and net.peer.sock.port with unbound cardinality, leading to potential memory exhaustion...