Lucene search
+L

66 matches found

Tenable Nessus
Tenable Nessus
added 2025/05/13 12:0 a.m.16 views

Amazon Linux 2 : amazon-cloudwatch-agent (ALAS-2025-2851)

The version of amazon-cloudwatch-agent installed on the remote host is prior to 1.300054.1-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2851 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size...

9.1CVSS7.3AI score0.00778EPSS
Exploits0References8
Wolfi
Wolfi
added 2025/04/10 1:44 p.m.48 views

CVE-2025-22871 vulnerabilities

Vulnerabilities for packages: terraform-provider-pagerduty, kubernetes-dashboard-metrics-scraper, cargobump, q, terraform-provider-kubernetes, swagger, cloudnative-pg, controller-gen, kapp-controller, metallb, fq, gosu, nri-nagios, opencost, jitsucom-jitsu, runc, litestream, gobuster, kaniko,...

9.1CVSS7AI score0.00778EPSS
Exploits0
Wolfi
Wolfi
added 2025/04/10 1:44 p.m.12 views

GHSA-G9PC-8G42-G6VQ vulnerabilities

Vulnerabilities for packages: terraform-provider-pagerduty, kubernetes-dashboard-metrics-scraper, cargobump, q, terraform-provider-kubernetes, swagger, cloudnative-pg, controller-gen, kapp-controller, metallb, fq, gosu, nri-nagios, opencost, jitsucom-jitsu, runc, litestream, gobuster, kaniko,...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2025/04/10 1:13 p.m.31 views

CVE-2025-22871 vulnerabilities

Vulnerabilities for packages: helm-docs, kubernetes-csi-node-driver-registrar-fips, splunk-otel-collector, crossplane-provider-azure-sql, envoy-gateway-fips, opentofu, apm-server-fips, consul, docker-cli, kubernetes-dashboard-web, terraform-provider-random, tempo-fips, bazelisk,...

9.1CVSS7AI score0.00778EPSS
Exploits0
Wolfi
Wolfi
added 2025/03/22 4:43 p.m.50 views

CVE-2025-30204 vulnerabilities

Vulnerabilities for packages: zarf, loki, flux-kustomize-controller, grafana-agent-operator, kubernetes, policy-controller, openfga, rekor, opentofu, kargo, flux-image-automation-controller, crossplane-provider-azure-authorization, eksctl, thanos, rancher, chezmoi, falcoctl, terraform,...

7.5CVSS6.5AI score0.00693EPSS
Exploits0
Chainguard
Chainguard
added 2025/03/22 4:12 p.m.16 views

GHSA-MH63-6H87-95CP vulnerabilities

Vulnerabilities for packages: step-ca, thanos, op-geth, chezmoi, opentofu-fips, splunk-otel-collector, cloud-provider-azure, crossplane-provider-azure-sql, grafana-mimir, opentofu, restic-fips, scorecard, cert-manager-fips, traefik-fips, cilium-fips, consul, terraform-fips,...

5.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/03/10 12:0 a.m.21 views

Amazon Linux 2 : amazon-cloudwatch-agent (ALAS-2025-2779)

The version of amazon-cloudwatch-agent installed on the remote host is prior to 1.300052.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2779 advisory. Calling any of the Parse functions on Go source code which contains deeply nested literals can cause ...

9.1CVSS7.3AI score0.03153EPSS
Exploits2References12
Tenable Nessus
Tenable Nessus
added 2024/09/09 12:0 a.m.48 views

Amazon Linux 2 : amazon-cloudwatch-agent (ALAS-2024-2630)

The version of amazon-cloudwatch-agent installed on the remote host is prior to 1.300044.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2630 advisory. Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability...

9.9CVSS7.4AI score0.16496EPSS
Exploits1References10
Amazon
Amazon
added 2024/09/05 12:0 a.m.29 views

Important: amazon-cloudwatch-agent

Issue Overview: Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability CVE-2024-35255 The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows...

9.9CVSS7.5AI score0.16496EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/05/31 12:0 a.m.32 views

Amazon Linux 2 : amazon-cloudwatch-agent (ALAS-2024-2550)

The version of amazon-cloudwatch-agent installed on the remote host is prior to 1.300039.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2550 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an...

7.5CVSS7.5AI score0.91969EPSS
Exploits1References6
Amazon
Amazon
added 2024/05/30 12:0 a.m.27 views

Medium: amazon-cloudwatch-agent

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

7.5CVSS8.4AI score0.91969EPSS
Exploits1
Amazon
Amazon
added 2024/05/28 12:0 a.m.14 views

Medium: amazon-cloudwatch-agent

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

7.5CVSS8.9AI score0.91969EPSS
Exploits1
Amazon
Amazon
added 2024/05/28 12:0 a.m.6 views

Medium: amazon-cloudwatch-agent

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

7.5CVSS7.2AI score0.91969EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/01/23 12:0 a.m.75 views

Amazon Linux 2 : amazon-cloudwatch-agent (ALAS-2024-2424)

The version of amazon-cloudwatch-agent installed on the remote host is prior to 1.300032.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2424 advisory. 2024-02-29: CVE-2023-47108 was added to this advisory. The HTTP/2 protocol allows a denial of service...

7.5CVSS7.1AI score0.03796EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2024/01/23 12:0 a.m.54 views

Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2024-498)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-498 advisory. 2024-02-29: CVE-2023-47108 was added to this advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as...

7.5CVSS7AI score0.03796EPSS
Exploits0References10
Amazon
Amazon
added 2024/01/22 12:0 a.m.57 views

Important: amazon-cloudwatch-agent

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 A malicious HTTP sender can use chunk extensions to cause a receiver...

7.5CVSS7.9AI score0.03796EPSS
Exploits0
Amazon
Amazon
added 2023/08/25 12:0 a.m.8 views

Medium: amazon-cloudwatch-agent

Issue Overview: 2023-10-11: The severity level was changed from Important to Medium. Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192...

5.3CVSS7.1AI score0.01328EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/08/24 12:0 a.m.32 views

Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2023-307)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-307 advisory. 2023-10-11: The severity level was changed from Important to Medium. Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fi...

5.3CVSS6.9AI score0.01328EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/08/23 12:0 a.m.17 views

Amazon Linux 2 : amazon-cloudwatch-agent (ALAS-2023-2209)

The version of amazon-cloudwatch-agent installed on the remote host is prior to 1.300026.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2209 advisory. 2023-10-11: The severity level was changed from Important to Medium. Extremely large RSA keys in certificate...

5.3CVSS7AI score0.01328EPSS
Exploits0References4
Amazon
Amazon
added 2023/08/21 12:0 a.m.62 views

Medium: amazon-cloudwatch-agent

Issue Overview: 2023-10-11: The severity level was changed from Important to Medium. Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192...

5.3CVSS7.2AI score0.01328EPSS
Exploits0
Rows per page
Query Builder