1877 matches found
AZL-34580 CVE-2023-45142 affecting package cert-manager for versions less than 1.12.12-1
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.user_agent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
AZL-33516 CVE-2023-45142 affecting package opa for versions less than 0.63.0-1
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.user_agent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
AZL-33347 CVE-2023-45142 affecting package moby-compose for versions less than 2.17.3-7
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.user_agent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
CVE-2023-44188
A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in telemetry processing of Juniper Networks Junos OS allows a network-based authenticated attacker to flood the system with multiple telemetry requests, causing the Junos Kernel Debugging Streaming Daemon (jkdsd) process to crash,...
CVE-2023-44188 Junos OS: jkdsd crash due to multiple telemetry requests
A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in telemetry processing of Juniper Networks Junos OS allows a network-based authenticated attacker to flood the system with multiple telemetry requests, causing the Junos Kernel Debugging Streaming Daemon (jkdsd) process to crash,...
CVE-2023-44188
CVE-2023-44188 is a TOCTOU race condition in Juniper Networks Junos OS telemetry processing that can cause the jkdsd daemon to crash and trigger DoS when multiple telemetry requests are sent from different collectors. Affected Junos OS versions span 20.4R3-S9 and earlier (various 21.x, 22.x, 23.1...
PT-2023-6227 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions prior to 20.4R3-S9; Juniper Networks Junos OS versions 21.1R1 and later; Juniper Networks Junos OS versions prior to 21.2R3-S6; Juniper Networks Junos OS versions prior to 21.3R3-S5; Juniper Networks Junos OS...
Juniper Junos OS Vulnerability (JSA73152)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA73152 advisory. - A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in telemetry processing of Juniper Networks Junos OS allows a network-based authenticated attacker to flood...
Kibana Upgrade Assistant Telemetry Collector Prototype Pollution
Kibana before version 7.6.3 suffers from a prototype pollution bug within the Upgrade Assistant. By setting a new constructor.prototype.sourceURL value we're able to execute arbitrary code. Code execution is possible through two different ways. Either by sending data directly to Elastic, or using...
CVE-2020-7012
creationtimestamp | type | source
---|---|---
2023-10-06 21:55:04+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/kibanaupgradeassistanttelemetryrce.rb
2025-10-23 21:12:59+00:00 | seen | MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...
CVE-2023-43810
OpenTelemetry, also known as OTel for short, is a vendor-neutral open-source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, logs. Autoinstrumentation out of the box adds the label http_method that has unbound cardinality. It...
CVE-2023-43810
CVE-2023-43810 concerns OpenTelemetry instrumentation. Autoinstrumentation may expose an unbounded http_method label, enabling memory exhaustion under large numbers of crafted requests. Affected if the application is instrumented for HTTP handlers and does not filter non-standard methods at CDN/L...
CVE-2023-43810 opentelemetry-instrumentation Denial of Service vulnerability due to unbound cardinality metrics
OpenTelemetry, also known as OTel for short, is a vendor-neutral open-source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, logs. Autoinstrumentation out of the box adds the label http_method that has unbound cardinality. It...
OpenTelemetry-Go Contrib Resource Management Error Vulnerability
OpenTelemetry-Go Contrib is a collection of extensions for OpenTelemetry Go in the OpenTelemetry open source. A resource management error vulnerability exists in OpenTelemetry-Go Contrib, which stems from a denial of service (DoS) vulnerability in the opentelemetry-instrumentation function...
Fedora: Security Advisory (FEDORA-2023-9adc4be8b0)
The remote host is missing an update for the ...
[SECURITY] Fedora 39 Update: mosquitto-2.0.17-1.fc39
Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1. MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power senso...
Oracle Linux 7 : Unbreakable Enterprise kernel-container kata-image kata-runtime kata kubernetes kubernetes istio olcne (ELSA-2020-5765)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5765 advisory. - x86/speculation: Add SRBDS vulnerability and mitigation documentation Mark Gross Orabug: 31446720 CVE-2020-0543 - x86/speculation: Add Special Regist...
[SECURITY] Fedora 37 Update: mosquitto-2.0.17-1.fc37
Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1. MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power senso...