16 matches found
CVE-2026-30778
The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue...
EUVD-2013-6568
Malware in sbrugna...
EUVD-2022-6291
Malicious code in bioql PyPI...
CVE-2022-36127
A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that have this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection...
Apache SkyWalking Denial of Service Vulnerability
Apache SkyWalking is an application performance monitor from the Apache Foundation that is primarily used in environments such as microservices, cloud-native and container-based. A denial of service vulnerability exists in Apache SkyWalking NodeJS Agent prior to version 0.5.1, which stems from an...
Denial Of Service (DoS)
skywalking-backend-js is vulnerable to denial of service. An attacker can crash the application by providing a malicious SkyWalking header to the from function of ContextCarrier.ts, which improperly validates the sw8 headers and causes OAP to be unhealthy and the downstream service's agent to be...
GHSA-8GPG-466C-5CPJ Apache SkyWalking NodeJS Agent can lose availability if header includes illegal SkyWalking header
A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that have this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection...
CVE-2022-36127
A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that have this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection...
Code injection
A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that have this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection...
CVE-2022-36127 Service unavailability impact in NodeJS agent (version <= 0.5.0)
A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that have this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection...
Apache SkyWalking Security Vulnerability
Apache SkyWalking is an application performance monitor from the Apache Foundation that is primarily used in environments such as microservices, cloud-native and container-based. A denial of service vulnerability exists in Apache SkyWalking NodeJS Agent prior to version 0.5.1, which stems from an...
CVE-2017-1002008
CVE-2017-1002008 affects the WordPress plugin membership-simplified-for-oap-members-only v1.58. The vulnerability is in the file download.php, which does not verify that a user is logged in or has download privileges, enabling an attacker to obtain arbitrary files. Public writeups and advisories ...
CVE-2013-6766
OpenVAS Administrator 1.2 before 1.2.2 and 1.3 before 1.3.2 allows remote attackers to bypass the OAP authentication restrictions and execute OAP commands via a crafted OAP request for version information, which causes the state to be set to CLIENTAUTHENTIC...
CVE-2013-6766
OpenVAS Administrator 1.2 before 1.2.2 and 1.3 before 1.3.2 allows remote attackers to bypass the OAP authentication restrictions and execute OAP commands via a crafted OAP request for version information, which causes the state to be set to CLIENTAUTHENTIC...
Authentication flaw
OpenVAS Administrator 1.2 before 1.2.2 and 1.3 before 1.3.2 allows remote attackers to bypass the OAP authentication restrictions and execute OAP commands via a crafted OAP request for version information, which causes the state to be set to CLIENTAUTHENTIC...
CVE-2013-6766
OpenVAS Administrator 1.2 before 1.2.2 and 1.3 before 1.3.2 allows remote attackers to bypass the OAP authentication restrictions and execute OAP commands via a crafted OAP request for version information, which causes the state to be set to CLIENTAUTHENTIC...