Lucene search
K

9 matches found

BDU FSTEC
BDU FSTEC
added 2024/09/03 12:0 a.m.6 views

The vulnerability of the set of additional tools and libraries for the Go language, designed for integration with OpenTelemetry-Go Contrib, relates to the distribution of resources without any restrictions or regulations. This allows a malicious actor to cause service failures.

The vulnerability of the set of additional tools and libraries for the Go language, designed for integration with OpenTelemetry, relates to the distribution of resources without any restrictions or regulation when adding the net.peer.sock.addr and net.peer.sock.port tags, which have unrestricted...

7.8CVSS7AI score0.01592EPSS
Exploits0References7Affected Software2
Amazon
Amazon
added 2024/02/05 12:0 a.m.4 views

Important: cri-tools

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

7.5CVSS6.2AI score0.01364EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/11/16 12:0 a.m.6 views

The vulnerability lies in the set of additional tools and libraries for the Go language, designed for integration with OpenTelemetry-Go Contrib. This vulnerability is related to the unlimited distribution of resources, allowing attackers to cause service failures.

The vulnerability of the set of additional tools and libraries for the Go language, designed for integration with OpenTelemetry, relates to the unlimited distribution of resources. Exploiting this vulnerability allows a remote attacker to cause service failures...

7.8CVSS7.5AI score0.01364EPSS
Exploits0References10Affected Software2
OSV
OSV
added 2023/11/10 7:15 p.m.7 views

AZL-35440 CVE-2023-47108 affecting package docker-compose for versions less than 2.27.0-1

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...

7.5CVSS6.7AI score0.01592EPSS
Exploits0References1
OSV
OSV
added 2023/11/10 7:15 p.m.7 views

AZL-34891 CVE-2023-47108 affecting package kube-vip-cloud-provider for versions less than 0.0.10-1

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...

7.5CVSS6.8AI score0.01592EPSS
Exploits0References1
OSV
OSV
added 2023/10/12 5:15 p.m.7 views

AZL-34580 CVE-2023-45142 affecting package cert-manager for versions less than 1.12.12-1

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...

7.5CVSS7.1AI score0.01364EPSS
Exploits0References1
OSV
OSV
added 2023/10/12 5:15 p.m.5 views

AZL-33347 CVE-2023-45142 affecting package moby-compose for versions less than 2.17.3-7

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...

7.5CVSS7.1AI score0.01364EPSS
Exploits0References1
OSV
OSV
added 2023/10/12 5:15 p.m.4 views

AZL-39972 CVE-2023-45142 affecting package moby-engine for versions less than 24.0.9-10

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...

7.5CVSS7.1AI score0.01364EPSS
Exploits0References1
OSV
OSV
added 2023/10/12 5:15 p.m.10 views

AZL-31303 CVE-2023-45142 affecting package cri-tools for versions less than 1.29.0-2

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...

7.5CVSS7AI score0.01364EPSS
Exploits0References1
Rows per page
Query Builder