rpm package
opensuse/teleport&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/teleport&distro=openSUSE%20Tumbleweed
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-48795 | Med | 5.9 | < 14.3.0-1.1 | 14.3.0-1.1 | Dec 18, 2023 | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end | |
| CVE-2023-45142 | — | < 14.1.1-1.1 | 14.1.1-1.1 | Oct 12, 2023 | OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests | ||
| CVE-2023-45133 | — | < 14.1.1-1.1 | 14.1.1-1.1 | Oct 12, 2023 | Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when | ||
| CVE-2023-44487 | Hig | 7.5 | KEV | < 14.1.1-1.1 | 14.1.1-1.1 | Oct 10, 2023 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
- affected < 14.3.0-1.1fixed 14.3.0-1.1
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end
- CVE-2023-45142Oct 12, 2023affected < 14.1.1-1.1fixed 14.1.1-1.1
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests
- CVE-2023-45133Oct 12, 2023affected < 14.1.1-1.1fixed 14.1.1-1.1
Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when
- affected < 14.1.1-1.1fixed 14.1.1-1.1
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Page 2 of 2