apk package
chainguard/opentelemetry-collector-ocb-fips
pkg:apk/chainguard/opentelemetry-collector-ocb-fips
Vulnerabilities (44)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-35255 | — | < 0.103.0-r0 | 0.103.0-r0 | Jun 11, 2024 | Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability | ||
| CVE-2024-36129 | — | < 0.102.1-r0 | 0.102.1-r0 | Jun 5, 2024 | The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1 | ||
| CVE-2024-24788 | Med | 5.9 | < 0.100.0-r1 | 0.100.0-r1 | May 8, 2024 | A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop. | |
| CVE-2019-3826 | — | < 0 | 0 | Mar 26, 2019 | A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scri |
- CVE-2024-35255Jun 11, 2024affected < 0.103.0-r0fixed 0.103.0-r0
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
- CVE-2024-36129Jun 5, 2024affected < 0.102.1-r0fixed 0.102.1-r0
The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1
- affected < 0.100.0-r1fixed 0.100.0-r1
A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.
- CVE-2019-3826Mar 26, 2019affected < 0fixed 0
A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scri
Page 3 of 3