54 matches found
EUVD-2021-18675
Malware in sbrugna...
EUVD-2005-2689
Malware in sbrugna...
EUVD-2015-3011
Malware in sbrugna...
EUVD-2019-7845
Malware in sbrugna...
EUVD-2023-2802
Malicious code in bioql PyPI...
CVE-2024-1762
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTPUSERAGENT header in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...
CVE-2019-17488
b3log Symphony aka Sym before 3.6.0 has XSS via the HTTP User-Agent header...
CBL Mariner 2.0 Security Update: cri-tools / docker-buildx / kubernetes / opa / prometheus (CVE-2023-45142)
The version of cri-tools / docker-buildx / kubernetes / opa / prometheus installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45142 advisory. - OpenTelemetry-Go Contrib is a collection of third-party...
PT-2024-26240 · Wwbn · Avideo
Name of the Vulnerable Software and Affected Versions: WWBN AVideo version 12.4 Description: The issue is related to Cross Site Scripting XSS due to the lack of sanitization of the HTTP USER AGENT variable. In the view/about.php file, the website retrieves the user agent from the headers through ...
Fedora 39 : caddy (2024-22b915e51a)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-22b915e51a advisory. Update to the latest upstream version, which includes a fix for CVE-2023-45142. https://github.com/caddyserver/caddy/releases/tag/v2.7.6 Tenable has extracte...
SUSE CVE-2023-45142
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
AZL-33347 CVE-2023-45142 affecting package moby-compose for versions less than 2.17.3-7
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
AZL-35437 CVE-2023-45142 affecting package docker-buildx for versions less than 0.14.0-1
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
AZL-31303 CVE-2023-45142 affecting package cri-tools for versions less than 1.29.0-2
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
AZL-35069 CVE-2023-45142 affecting package opa for versions less than 0.63.0-1
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
AZL-33516 CVE-2023-45142 affecting package opa for versions less than 0.63.0-1
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
AZL-34580 CVE-2023-45142 affecting package cert-manager for versions less than 1.12.12-1
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
AZL-34900 CVE-2023-45142 affecting package kubernetes for versions less than 1.29.1-2
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
AZL-35119 CVE-2023-45142 affecting package prometheus-adapter for versions less than 0.12.0-1
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
AZL-34889 CVE-2023-45142 affecting package kube-vip-cloud-provider for versions less than 0.0.10-1
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...