GHSA-9983-VRX2-FG9C vulnerabilities
Vulnerabilities for packages: telegraf, kine, nats-top, nats, k3s...
AZL-77645 CVE-2026-26014 affecting package telegraf for versions less than 1.29.4-21
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Pion DTLS versions v1.0.0 through v3.0.10 and 3.1.0 use random nonce generation with AES GCM ciphers, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonc...
AZL-77547 CVE-2026-2303 affecting package telegraf for versions less than 1.29.4-21
The mongo-go-driver repository contains CGo bindings for GSSAPI Kerberos authentication on Linux and macOS. The C wrapper implementation contains a heap out-of-bounds read vulnerability due to incorrect assumptions about string termination in the GSSAPI standard. Since GSSAPI buffers are not...
AZL-75557 CVE-2025-11065 affecting package telegraf 1.31.0-12
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
CVE-2025-22872 affecting package telegraf for versions less than 1.29.4-16
CVE-2025-22872 affecting package telegraf for versions less than 1.29.4-16. A patched version of the package is available...
CVE-2025-22872 affecting package telegraf for versions less than 1.31.0-10
CVE-2025-22872 affecting package telegraf for versions less than 1.31.0-10. A patched version of the package is available...
Azure Linux 3.0 Security Update: telegraf (CVE-2025-30215)
The version of telegraf installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-30215 advisory. - NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In...
CBL Mariner 2.0 Security Update: telegraf (CVE-2025-30215)
The version of telegraf installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-30215 advisory. - NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In...
CVE-2025-30215 affecting package telegraf for versions less than 1.31.0-9
CVE-2025-30215 affecting package telegraf for versions less than 1.31.0-9. A patched version of the package is available...
CVE-2024-35255 affecting package telegraf for versions less than 1.31.0-1
CVE-2024-35255 affecting package telegraf for versions less than 1.31.0-1. A patched version of the package is available...
CVE-2024-51744 affecting package telegraf for versions less than 1.29.4-14
CVE-2024-51744 affecting package telegraf for versions less than 1.29.4-14. A patched version of the package is available...
CVE-2025-30204 affecting package telegraf for versions less than 1.31.0-7
CVE-2025-30204 affecting package telegraf for versions less than 1.31.0-7. A patched version of the package is available...
Azure Linux 3.0 Security Update: azcopy / git-lfs / golang / influxdb / keda (CVE-2025-22870)
The version of azcopy / git-lfs / golang / influxdb / keda installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22870 advisory. - Matching of hosts against proxy patterns can improperly treat an IPv6...
CVE-2024-51744 affecting package telegraf for versions less than 1.31.0-6
CVE-2024-51744 affecting package telegraf for versions less than 1.31.0-6. A patched version of the package is available...
AZL-59235 CVE-2025-30204 affecting package telegraf for versions less than 1.29.4-13
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose...
CVE-2025-22868 affecting package telegraf for versions less than 1.29.4-11
CVE-2025-22868 affecting package telegraf for versions less than 1.29.4-11. A patched version of the package is available...
CVE-2025-22869 affecting package telegraf for versions less than 1.29.4-11
CVE-2025-22869 affecting package telegraf for versions less than 1.29.4-11. A patched version of the package is available...
AZL-57350 CVE-2025-22869 affecting package telegraf for versions less than 1.31.0-7
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...
AZL-57440 CVE-2025-22869 affecting package telegraf for versions less than 1.29.4-13
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...
AZL-57389 CVE-2025-22868 affecting package telegraf for versions less than 1.31.0-7
An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing...