Lucene search
K

17 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-0960

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.05994EPSS
Exploits0References78
OSV
OSV
added 2024/06/27 6:0 p.m.32 views

GO-2023-2331 Denial of service in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc

The grpc Unary Server Interceptor created by the otelgrpc package added the labels net.peer.sock.addr and net.peer.sock.port with unbounded cardinality. This can lead to the server's potential memory exhaustion when many malicious requests are sent. This leads to a denial-of-service...

7.5CVSS7.6AI score0.01592EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.30 views

RHEL 8 : odo (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - follow-redirects: Exposure of Sensitive Information via Authorization Header leak CVE-2022-0536 - golang:...

7.5CVSS8.8AI score0.05994EPSS
Exploits1References4
Cvelist
Cvelist
added 2023/11/10 6:31 p.m.44 views

CVE-2023-47108 DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...

7.5CVSS7.6AI score0.01592EPSS
Exploits0References7
Microsoft CVE
Microsoft CVE
added 2023/10/16 7:0 a.m.4 views

OpenTelemetry-Go Contrib has DoS vulnerability in otelhttp due to unbound cardinality metrics

...

7.5CVSS7.3AI score0.01364EPSS
Exploits0
GitLab Advisory Database
GitLab Advisory Database
added 2023/10/16 12:0 a.m.27 views

Allocation of Resources Without Limits or Throttling

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...

7.5CVSS6.2AI score0.01364EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2023/10/12 5:15 p.m.4 views

AZL-39972 CVE-2023-45142 affecting package moby-engine for versions less than 24.0.9-10

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...

7.5CVSS7.1AI score0.01364EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/10/27 12:0 a.m.45 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : golang-github-prometheus-node_exporter (SUSE-SU-2022:3745-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:3745-1 advisory. bsc1196338, jscSLE-24238, jscSLE-24239, jscSUMA-114, CVE-2022-21698 Tenable has extracted the preceding...

7.5CVSS6.8AI score0.05994EPSS
Exploits0References4
Mageia
Mageia
added 2022/05/15 10:6 a.m.214 views

Updated golang-github-prometheus-client packages fix security vulnerability

HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods...

7.5CVSS1.4AI score0.05994EPSS
Exploits0References4
OSV
OSV
added 2022/05/15 10:6 a.m.7 views

MGASA-2022-0180 Updated golang-github-prometheus-client packages fix security vulnerability

HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods...

7.5CVSS8.2AI score0.05994EPSS
Exploits0References5
Veracode
Veracode
added 2022/02/16 7:17 a.m.27 views

Denial Of Service (DoS)

github.com/prometheus/clientgolang is vulnerable to Denial Of Service DoS. Lack of proper handling of requests with non-standard HTTP methods allows an attacker to cause unbounded cardinality, and potential memory exhaustion...

7.5CVSS8.7AI score0.05994EPSS
Exploits0References40Affected Software10
OSV
OSV
added 2022/02/15 4:15 p.m.8 views

AZL-31981 CVE-2022-21698 affecting package kured for versions less than 1.13.2-1

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

7.5CVSS6.7AI score0.05994EPSS
Exploits0References1
OSV
OSV
added 2022/02/15 4:15 p.m.7 views

AZL-33626 CVE-2022-21698 affecting package node-problem-detector for versions less than 0.8.10-19

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

7.5CVSS6.7AI score0.05994EPSS
Exploits0References1
NVD
NVD
added 2022/02/15 4:15 p.m.29 views

CVE-2022-21698

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

7.5CVSS0.05994EPSS
Exploits0References22
OSV
OSV
added 2022/02/15 4:15 p.m.1 views

DEBIAN-CVE-2022-21698

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

7.5CVSS7AI score0.05994EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/02/15 12:0 a.m.34 views

CVE-2022-21698 Uncontrolled Resource Consumption in promhttp

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

7.5CVSS8.9AI score0.05994EPSS
Exploits0References22
OSV
OSV
added 2022/02/15 12:0 a.m.35 views

CVE-2022-21698 Uncontrolled Resource Consumption in promhttp

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

7.5CVSS7.5AI score0.05994EPSS
Exploits0References24
Rows per page
Query Builder