CVE-2024-34045

The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo-countersININITIMSGCOUNTERProcedureCodeidE2setup-Increment...

CVE-2024-34046

The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo-sctpParams-e2tCountersINSUCCMSGCOUNTERProcedureCodeidRICsubscription-Increment...

PT-2024-25661 · Unknown · O-Ran E2T I-Release

Name of the Vulnerable Software and Affected Versions: O-RAN E2T I-Release affected versions not specified Description: The issue is related to a NULL pointer dereference in the buildPrometheusList function. This occurs because the peerInfo can be NULL. Recommendations: At the moment, there is no...

Fedora 40 : golang-github-prometheus-node-exporter (2023-654e0ddfd8)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-654e0ddfd8 advisory. Automatic update for golang-github-prometheus-node-exporter-1.6.1-1.fc40. Changelog Thu Nov 9 2023 Mikel Olasagasti Uranga - 1.6.1-1 - Update to 1.6...

CVE-2024-34046

The CVE-2024-34046 entry describes a crash in the O-RAN E2T I-Release Prometheus metric Increment function, triggered when Increment() is called on message.peerInfo->sctpParams->e2tCounters[IN_SUCC][MSG_COUNTER][ProcedureCode_id_RICsubscription]->Increment() in sctpThread.cpp. Affected c...

Fedora 40 : golang-github-prometheus-prom2json (2023-14a33318b8)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-14a33318b8 advisory. Automatic update for golang-github-prometheus-prom2json-1.3.3-1.fc40. Changelog Sun Dec 3 2023 Mikel Olasagasti Uranga - 1.3.3-1 - Update to 1.3.3 -...

PT-2024-25662 · Unknown · O-Ran E2T I-Release

Name of the Vulnerable Software and Affected Versions: O-RAN E2T I-Release affected versions not specified Description: The issue concerns the O-RAN E2T I-Release Prometheus metric Increment function, which can crash in sctpThread.cpp. This crash occurs when the Increment function is called for...

CVE-2024-34046

The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo-sctpParams-e2tCountersINSUCCMSGCOUNTERProcedureCodeidRICsubscription-Increment...

CVE-2024-34045

The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo-countersININITIMSGCOUNTERProcedureCodeidE2setup-Increment...

CVE-2024-34045

CVE-2024-34045 affects the O-RAN E2T I-Release Prometheus metric Increment function. The vulnerability is a crash in sctpThread.cpp triggered when Increment() is called for message.peerInfo->counters[IN_INITI][MSG_COUNTER][ProcedureCode_id_E2setup]->Increment(). The dataset confirms this ca...

PT-2024-25663 · Unknown · O-Ran E2T I-Release

Name of the Vulnerable Software and Affected Versions: O-RAN E2T I-Release affected versions not specified Description: The issue concerns the O-RAN E2T I-Release Prometheus metric Increment function, which can crash in sctpThread.cpp. This crash occurs when the Increment function is called for...

RHEL 7 / 8 : OpenShift Virtualization 4.10.1 RPMs (RHSA-2022:4667)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4667 advisory. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...

RHEL 8 : Release of OpenShift Serverless Client kn 1.24.0 (Important) (RHSA-2022:6042)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6042 advisory. Red Hat OpenShift Serverless Client kn 1.24.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.24.0. The kn CLI is delivered a...

CVE-2023-45142 affecting package prometheus for versions less than 2.45.4-1

CVE-2023-45142 affecting package prometheus for versions less than 2.45.4-1. An upgraded version of the package is available that resolves this issue...

CVE-2022-41717 affecting package prometheus for versions less than 2.45.4-1

CVE-2022-41717 affecting package prometheus for versions less than 2.45.4-1. An upgraded version of the package is available that resolves this issue...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-eks, bazelisk, skopeo, nri-postgresql, kubernetes-csi-livenessprobe, gh, datadog-agent, s5cmd, falcosidekick, thanos-operator, apko, crossplane-provider-aws-kinesis, newrelic-nri-kube-events, vault-k8s, temporal-ui-server, speedtest-go,...

AZL-50336 CVE-2023-45288 affecting package prometheus for versions less than 2.37.9-2

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

AZL-38761 CVE-2023-45288 affecting package prometheus-adapter for versions less than 0.12.0-1

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

AZL-38473 CVE-2023-45288 affecting package prometheus-node-exporter for versions less than 1.7.0-2

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

AZL-39678 CVE-2023-45288 affecting package prometheus for versions less than 2.45.4-4

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...