GHSA-RCJV-MGP8-QVMR vulnerabilities
Vulnerabilities for packages: kube-oidc-proxy, caddy, k3s, metrics-server-fips, cert-manager, buildkitd, ipfs, kubevela, rancher-webhook, kubernetes, prometheus-adapter, rancher-webhook-fips, up, kubernetes-fips...
OpenTelemetry-Go Contrib vulnerable to denial of service in otelhttp due to unbound cardinality metrics
Summary: This handler wrapper https://github.com/open-telemetry/opentelemetry-go-contrib/blob/5f7e6ad5a49b45df45f61a1deb29d7f1158032df/instrumentation/net/http/otelhttp/handler.go#L63-L65 out of the box adds the labels http.user_agent and http.method, which have unbound cardinality. It leads to the server...
Grafana Security Vulnerabilities
Grafana is an open source set of monitoring tools that provide a visual monitoring interface. The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus. Grafana has a security vulnerability. An attacker can exploit the vulnerability to elevate privileges...
CVE-2023-44487 affecting package prometheus for versions less than 2.37.0-10
CVE-2023-44487 affecting package prometheus for versions less than 2.37.0-10. A patched version of the package is available...
CVE-2023-45142 vulnerabilities
Vulnerabilities for packages: kubernetes, ipfs, prometheus-adapter, buildkitd, k3s, caddy, kubevela, up...
CVE-2023-45142 vulnerabilities
Vulnerabilities for packages: kube-oidc-proxy, caddy, k3s, metrics-server-fips, cert-manager, buildkitd, ipfs, kubevela, rancher-webhook, kubernetes, prometheus-adapter, rancher-webhook-fips, up, kubernetes-fips...
AZL-35116 CVE-2023-45142 affecting package prometheus for versions less than 2.45.4-1
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.user_agent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: falcoctl-fips, aws-load-balancer-controller, rqlite, trillian, kubescape, kiam, flux-notification-controller, node-problem-detector, aactl, yq, kube-state-metrics, crossplane-provider-aws, external-dns-fips, up, dynamic-localpv-provisioner, aws-ebs-csi-driver,...
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: hugo, kubernetes-dashboard-metrics-scraper, mc, vault-k8s, external-secrets-operator, dynamic-localpv-provisioner, terraform-provider-sendgrid, prometheus-blackbox-exporter, gke-gcloud-auth-plugin, prometheus-adapter, aactl, tekton-chains, go, kind, spark-operator,...
AZL-50339 CVE-2023-39325 affecting package prometheus for versions less than 2.37.9-2
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
AZL-35121 CVE-2023-39325 affecting package prometheus-adapter for versions less than 0.12.0-1
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: falcoctl-fips, aws-load-balancer-controller, rqlite, trillian, kubescape, kiam, flux-notification-controller, node-problem-detector, aactl, yq, kube-state-metrics, crossplane-provider-aws, external-dns-fips, up, dynamic-localpv-provisioner, aws-ebs-csi-driver,...
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: hugo, certificate-transparency, mc, dynamic-localpv-provisioner, terraform-provider-sendgrid, prometheus-blackbox-exporter, gke-gcloud-auth-plugin, prometheus-adapter, aactl, terraform-provider-aws, kind, spark-operator, cue, git-lfs, bom, kots,...
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: falcoctl-fips, rqlite, terraform-provider-aws, kubescape, kiam, flux-notification-controller, node-problem-detector, aactl, kube-state-metrics, external-dns-fips, dynamic-localpv-provisioner, flux-source-controller, nginx-mainline, cue, stakater-reloader, nginx-stabl...
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: hugo, certificate-transparency, mc, dynamic-localpv-provisioner, terraform-provider-sendgrid, prometheus-blackbox-exporter, gke-gcloud-auth-plugin, prometheus-adapter, aactl, terraform-provider-aws, kind, spark-operator, cue, git-lfs, bom, kots,...
AZL-31342 CVE-2023-44487 affecting package prometheus-adapter for versions less than 0.10.0-2
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-35114 CVE-2023-44487 affecting package prometheus for versions less than 2.37.0-10
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-31341 CVE-2023-44487 affecting package prometheus for versions less than 2.37.0-10
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-35117 CVE-2023-44487 affecting package prometheus-adapter for versions less than 0.10.0-2
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
Debian: Security Advisory (DLA-3609-1)
The remote host is missing an update for the Debian...