18 matches found

EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2023-2927

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.2 | EPSS 0.01592
Exploits: 0 | References: 8

Tenable Nessus
added 2024/08/06 12:00 a.m. | 22 views

Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2024-697)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-697 advisory. 2024-08-28: CVE-2024-24790 was added to this advisory. 2024-08-09: CVE-2023-47108 was removed from this advisory. 2024-08-09: The severity of this advisory has been changed from Important to...

CVSS 9.8 | AI score 7 | EPSS 0.01952
Exploits: 0 | References: 6

Tenable Nessus
added 2024/07/03 12:00 a.m. | 37 views

CBL Mariner 2.0 Security Update: containerd / cri-tools / docker-buildx / docker-compose / moby-containerd-cc (CVE-2023-47108)

The version of containerd / cri-tools / docker-buildx / docker-compose / moby-containerd-cc installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-47108 advisory. - OpenTelemetry-Go Contrib is a collecti...

CVSS 7.5 | AI score 6.9 | EPSS 0.01592
Exploits: 0 | References: 2

OSV
added 2024/06/27 6:00 p.m. | 29 views

GO-2023-2331 Denial of service in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc

The grpc Unary Server Interceptor created by the otelgrpc package added the labels net.peer.sock.addr and net.peer.sock.port with unbounded cardinality. This can lead to the server's potential memory exhaustion when many malicious requests are sent. This leads to a denial-of-service...

CVSS 7.5 | AI score 7.6 | EPSS 0.01592
Exploits: 0 | References: 4

Tenable Nessus
added 2024/01/31 12:00 a.m. | 48 views

RHCOS 4 : OpenShift Container Platform 4.12.48 (RHSA-2024:0489)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0489 advisory. - opentelemetry-go-contrib: DoS vulnerability in otelgrpc due to unbound cardinality metrics CVE-2023-47108 Note that Nessus has not tested f...

CVSS 7.5 | AI score 6.9 | EPSS 0.01592
Exploits: 0 | References: 5

Tenable Nessus
added 2024/01/31 12:00 a.m. | 47 views

RHEL 8 : OpenShift Container Platform 4.12.48 (RHSA-2024:0489)

The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0489 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud...

CVSS 7.5 | AI score 7.1 | EPSS 0.01592
Exploits: 0 | References: 5

Tenable Nessus
added 2024/01/24 12:00 a.m. | 45 views

RHCOS 4 : OpenShift Container Platform 4.14.9 (RHSA-2024:0207)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0207 advisory. - cri-o: Pods are able to break out of resource confinement on cgroupv2 CVE-2023-6476 - opentelemetry-go-contrib: DoS vulnerability ...

CVSS 7.5 | AI score 7 | EPSS 0.01592
Exploits: 0 | References: 7

Amazon
added 2024/01/22 12:00 a.m. | 57 views

Important: amazon-cloudwatch-agent

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 A malicious HTTP sender can use chunk extensions to cause a receiver...

CVSS 7.5 | AI score 7.9 | EPSS 0.03796
Exploits: 0

Tenable Nessus
added 2024/01/18 12:00 a.m. | 47 views

RHEL 8 / 9 : OpenShift Container Platform 4.14.9 (RHSA-2024:0207)

The remote Red Hat Enterprise Linux 8 / 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0207 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

CVSS 7.5 | AI score 7.1 | EPSS 0.01592
Exploits: 0 | References: 7

F5 Networks
added 2024/01/16 8:08 p.m. | 42 views

K000138255: Go OpenTelemetry Contrib vulnerability CVE-2023-47108

Security Advisory Description OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...

CVSS 7.5 | AI score 6.3 | EPSS 0.01592
Exploits: 0

Veracode
added 2023/11/13 11:23 a.m. | 30 views

Denial Of Service

go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc is vulnerable to Denial of Service. The vulnerability is caused by the grpc unary server interceptor having out of the box labels. The labels net.peer.sock.addr and net.peer.sock.port have unbound cardinality. This leads ...

CVSS 7.5 | AI score 7 | EPSS 0.01592
Exploits: 0 | References: 6 | Affected Software: 1

Github Security Blog
added 2023/11/12 3:55 p.m. | 53 views

otelgrpc DoS vulnerability due to unbound cardinality metrics

Summary The grpc Unary Server Interceptor opentelemetry-go-contrib/instrumentation/google.golang.org/grpc/otelgrpc/interceptor.go // UnaryServerInterceptor returns a grpc.UnaryServerInterceptor suitable // for use in a grpc.NewServer call. func UnaryServerInterceptoropts ...Option...

CVSS 7.5 | AI score 7.1 | EPSS 0.01592
Exploits: 0 | References: 9 | Affected Software: 1

GitLab Advisory Database
added 2023/11/12 12:00 a.m. | 64 views

otelgrpc DoS vulnerability due to unbound cardinality metrics

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the server's potential memory exhaustio...

CVSS 7.5 | AI score 7 | EPSS 0.01592
Exploits: 0 | References: 8 | Affected Software: 1

NVD
added 2023/11/10 7:15 p.m. | 34 views

CVE-2023-47108

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...

CVSS 7.5 | EPSS 0.01592
Exploits: 0 | References: 7

Prion
added 2023/11/10 7:15 p.m. | 38 views

Code injection

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the server's potential memory exhaustio...

CVSS 5 | AI score 7 | EPSS 0.01592
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2023/11/10 6:31 p.m. | 34 views

CVE-2023-47108 DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...

CVSS 7.5 | AI score 6.3 | EPSS 0.01592
Exploits: 0 | References: 9

CVE
added 2023/11/10 6:31 p.m. | 963 views

CVE-2023-47108

The CVE-2023-47108 issue affects OpenTelemetry-Go Contrib's grpc Unary Server Interceptor in versions >=0.37.0 and

CVSS 7.5 | AI score 6 | EPSS 0.01592
Exploits: 0 | References: 7 | Affected Software: 1

Vulnrichment
added 2023/11/10 6:31 p.m. | 16 views

CVE-2023-47108 DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...

CVSS 7.5 | AI score 6 | EPSS 0.01592
Exploits: 0 | References: 7