17 matches found
EUVD-2022-0960
Malicious code in bioql PyPI...
GO-2023-2331 Denial of service in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
The grpc Unary Server Interceptor created by the otelgrpc package added the labels net.peer.sock.addr and net.peer.sock.port with unbounded cardinality. This can lead to the server's potential memory exhaustion when many malicious requests are sent. This leads to a denial-of-service...
RHEL 8 : odo (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - follow-redirects: Exposure of Sensitive Information via Authorization Header leak CVE-2022-0536 - golang:...
CVE-2023-47108 DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...
OpenTelemetry-Go Contrib has DoS vulnerability in otelhttp due to unbound cardinality metrics
...
Allocation of Resources Without Limits or Throttling
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
AZL-39972 CVE-2023-45142 affecting package moby-engine for versions less than 24.0.9-10
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : golang-github-prometheus-node_exporter (SUSE-SU-2022:3745-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:3745-1 advisory. bsc1196338, jscSLE-24238, jscSLE-24239, jscSUMA-114, CVE-2022-21698 Tenable has extracted the preceding...
Updated golang-github-prometheus-client packages fix security vulnerability
HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods...
MGASA-2022-0180 Updated golang-github-prometheus-client packages fix security vulnerability
HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods...
Denial Of Service (DoS)
github.com/prometheus/clientgolang is vulnerable to Denial Of Service DoS. Lack of proper handling of requests with non-standard HTTP methods allows an attacker to cause unbounded cardinality, and potential memory exhaustion...
AZL-31981 CVE-2022-21698 affecting package kured for versions less than 1.13.2-1
clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...
AZL-33626 CVE-2022-21698 affecting package node-problem-detector for versions less than 0.8.10-19
clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...
CVE-2022-21698
clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...
DEBIAN-CVE-2022-21698
clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...
CVE-2022-21698 Uncontrolled Resource Consumption in promhttp
clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...
CVE-2022-21698 Uncontrolled Resource Consumption in promhttp
clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...