exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 14

CVE-2023-47108

больше 1 года назад

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. An attacker can easily flood the peer address and port for requests. Version 0.46.0 contains a fix for this issue. As a workaround to stop being affected, a view removing the attributes can be used. The other possibility is to disable grpc metrics instrumentation by passing `otelgrpc.WithMeterProvider` option with `noop.NewMeterProvider`.

CVSS3: 7.5

EPSS: Низкий

CVE-2023-47108

больше 1 года назад

CVSS3: 7.5

EPSS: Низкий

CVE-2023-47108

больше 1 года назад

CVSS3: 7.5

EPSS: Низкий

CVE-2023-47108

больше 1 года назад

CVSS3: 7.5

EPSS: Низкий

GHSA-8pgv-569h-w5rw

больше 1 года назад

otelgrpc DoS vulnerability due to unbound cardinality metrics

CVSS3: 7.5

EPSS: Низкий

BDU:2024-06663

больше 1 года назад

Уязвимость набора дополнительных инструментов и библиотек для языка Go, предназначенных для интеграции с OpenTelemetry, OpenTelemetry-Go Contrib, связанная с распределением ресурсов без ограничений и регулирования, позволяющая нарушителю вызвать отказ в обслуживании

CVSS3: 7.5

EPSS: Низкий

SUSE-SU-2024:4360-1

8 месяцев назад

Security update for docker

EPSS: Низкий

SUSE-SU-2024:4319-1

8 месяцев назад

Security update for docker

EPSS: Низкий

SUSE-SU-2024:3221-1

11 месяцев назад

Security update for containerd

EPSS: Низкий

SUSE-SU-2024:3188-1

11 месяцев назад

Security update for containerd

EPSS: Низкий

ROS-20250801-01

4 дня назад

Множественные уязвимости golang-opentelemetry-contrib-devel

CVSS3: 7.5

EPSS: Низкий

openSUSE-SU-2025:0003-1

7 месяцев назад

Security update for etcd

EPSS: Низкий

ROS-20240826-13

11 месяцев назад

Множественные уязвимости etcd

CVSS3: 7.5

EPSS: Низкий

SUSE-SU-2024:3656-1

10 месяцев назад

Security update for etcd

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2023-47108 OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. An attacker can easily flood the peer address and port for requests. Version 0.46.0 contains a fix for this issue. As a workaround to stop being affected, a view removing the attributes can be used. The other possibility is to disable grpc metrics instrumentation by passing `otelgrpc.WithMeterProvider` option with `noop.NewMeterProvider`.	CVSS3: 7.5	3% Низкий	больше 1 года назад
CVE-2023-47108 OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. An attacker can easily flood the peer address and port for requests. Version 0.46.0 contains a fix for this issue. As a workaround to stop being affected, a view removing the attributes can be used. The other possibility is to disable grpc metrics instrumentation by passing `otelgrpc.WithMeterProvider` option with `noop.NewMeterProvider`.	CVSS3: 7.5	3% Низкий	больше 1 года назад
CVE-2023-47108 OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. An attacker can easily flood the peer address and port for requests. Version 0.46.0 contains a fix for this issue. As a workaround to stop being affected, a view removing the attributes can be used. The other possibility is to disable grpc metrics instrumentation by passing `otelgrpc.WithMeterProvider` option with `noop.NewMeterProvider`.	CVSS3: 7.5	3% Низкий	больше 1 года назад
CVE-2023-47108	CVSS3: 7.5	3% Низкий	больше 1 года назад
GHSA-8pgv-569h-w5rw otelgrpc DoS vulnerability due to unbound cardinality metrics	CVSS3: 7.5	3% Низкий	больше 1 года назад
BDU:2024-06663 Уязвимость набора дополнительных инструментов и библиотек для языка Go, предназначенных для интеграции с OpenTelemetry, OpenTelemetry-Go Contrib, связанная с распределением ресурсов без ограничений и регулирования, позволяющая нарушителю вызвать отказ в обслуживании	CVSS3: 7.5	3% Низкий	больше 1 года назад
SUSE-SU-2024:4360-1 Security update for docker			8 месяцев назад
SUSE-SU-2024:4319-1 Security update for docker			8 месяцев назад
SUSE-SU-2024:3221-1 Security update for containerd			11 месяцев назад
SUSE-SU-2024:3188-1 Security update for containerd			11 месяцев назад
ROS-20250801-01 Множественные уязвимости golang-opentelemetry-contrib-devel	CVSS3: 7.5		4 дня назад
openSUSE-SU-2025:0003-1 Security update for etcd			7 месяцев назад
ROS-20240826-13 Множественные уязвимости etcd	CVSS3: 7.5		11 месяцев назад
SUSE-SU-2024:3656-1 Security update for etcd			10 месяцев назад

Уязвимостей на страницу