nlamirault / bbox_exporter

A Prometheus exporter for the Bouygues Telecom box

License: Apache License 2.0

Makefile 5.19% Go 92.59% Dockerfile 2.23%
galactus prometheus bouygues-telecom-ftth prometheus-exporter bbox terraform

bbox_exporter's Introduction

bbox_exporter

A Prometheus exporter for the Bbox, a Set-Top-Box (TV box) provided by French Internet Service Provider Bouygues Telecom.

Metrics are:

| Name | Exposed information | Labels |
|------|---------------------|--------|
| bbox_device_cpu | CPU Time | mode |
| bbox_device_memory | Memory in kB | type |
| bbox_device_process | Processes | type |
| bbox_device_status | Current status | |
| bbox_device_temperature | Current internal temperature in °C | |
| bbox_dns_average | Average of average DNS response time | |
| bbox_dns_max | Maximum of average DNS response time | |
| bbox_dns_min | Minimum of average DNS response time | |
| bbox_dns_number_of_queries | Number of queries | |
| bbox_lan_received_bytes | RX bytes | |
| bbox_lan_received_packets | RX packets | |
| bbox_lan_received_packets_discards | RX packets discards | |
| bbox_lan_received_packets_errors | RX packets in error | |
| bbox_lan_transmitted_bytes | TX bytes | |
| bbox_lan_transmitted_packets | TX packets | |
| bbox_lan_transmitted_packets_discards | TX packets discards | |
| bbox_lan_transmitted_packets_errors | TX packets in error | |
| bbox_up | Was the last query of BBox successful. | |
| bbox_wan_ftth_state | LinkState of the GEth FTTH port | |
| bbox_wan_received_bandwidth | RX bandwidth available | |
| bbox_wan_received_bandwidth_max | RX bandwidth available | |
| bbox_wan_received_bytes | RX bytes | |
| bbox_wan_received_packets | RX packets | |
| bbox_wan_received_packets_discards | RX packets discards | |
| bbox_wan_received_packets_errors | RX packets in error | |
| bbox_wan_transmitted_bandwidth | TX bandwidth available | |
| bbox_wan_transmitted_bandwidth_max | TX maximum bandwidth available | |
| bbox_wan_transmitted_bytes | TX bytes | |
| bbox_wan_transmitted_packets | TX packets | |
| bbox_wan_transmitted_packets_discards | TX packets discards | |
| bbox_wan_transmitted_packets_errors | TX packets in error | |

Dashboard

Usage

Launch the Prometheus exporter :

> bbox_exporter --help

Local Deployment

  • Launch Prometheus using the configuration file in this repository:

      $ prometheus --config.file=prometheus.yml
    
  • Launch exporter:

      $ bbox_exporter -log.level=debug
    
  • Check that Prometheus finds the exporter on http://localhost:9090/targets

Contributing

See CONTRIBUTING.

License

See LICENSE for the complete license.

Contact

Nicolas Lamirault

bbox_exporter's People

Contributors

mend-bolt-for-github[bot], nlamirault, renovate-bot, renovate[bot]

bbox_exporter's Issues

CVE-2020-9283 (High) detected in github.com/golang/crypto-0709b304e793a5edb4a2c0145f281ecdc20838a4 - autoclosed

CVE-2020-9283 - High Severity Vulnerability

Vulnerable Library - github.com/golang/crypto-0709b304e793a5edb4a2c0145f281ecdc20838a4

[mirror] Go supplementary cryptography libraries

Dependency Hierarchy:

  • github.com/prometheus/common-v0.4.1 (Root Library)
    • github.com/sirupsen/logrus-v1.2.0
      • github.com/golang/crypto-0709b304e793a5edb4a2c0145f281ecdc20838a4 (Vulnerable Library)

Found in HEAD commit: 640de6083ab1d8df17b9861dd52a5e37618b9edc

Found in base branch: master

Vulnerability Details

golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.

Publish Date: 2020-02-20

URL: CVE-2020-9283

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9283

Release Date: 2020-02-20

Fix Resolution: github.com/golang/crypto - bac4c82f69751a6dd76e702d54b3ceb88adab236


Step up your Open Source Security Game with WhiteSource here

CVE-2020-7919 (High) detected in github.com/golang/crypto-0709b304e793a5edb4a2c0145f281ecdc20838a4 - autoclosed

CVE-2020-7919 - High Severity Vulnerability

Vulnerable Library - github.com/golang/crypto-0709b304e793a5edb4a2c0145f281ecdc20838a4

[mirror] Go supplementary cryptography libraries

Dependency Hierarchy:

  • github.com/prometheus/common-v0.4.1 (Root Library)
    • github.com/sirupsen/logrus-v1.2.0
      • github.com/golang/crypto-0709b304e793a5edb4a2c0145f281ecdc20838a4 (Vulnerable Library)

Found in HEAD commit: 640de6083ab1d8df17b9861dd52a5e37618b9edc

Found in base branch: master

Vulnerability Details

Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.

Publish Date: 2020-03-16

URL: CVE-2020-7919

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7919

Release Date: 2020-03-16

Fix Resolution: go - 1.12.16,1.13.7;crypto - v0.0.0-20200128174031-69ecbb4d6d5d


CVE-2021-43565 (High) detected in github.com/golang/crypto-c084706c2272f3d44b722e988e70d4a58e60e7f4 - autoclosed

CVE-2021-43565 - High Severity Vulnerability

Vulnerable Library - github.com/golang/crypto-c084706c2272f3d44b722e988e70d4a58e60e7f4

[mirror] Go supplementary cryptography libraries

Dependency Hierarchy:

  • github.com/prometheus/exporter-toolkit-v0.7.1 (Root Library)
    • github.com/golang/crypto-c084706c2272f3d44b722e988e70d4a58e60e7f4 (Vulnerable Library)

Found in HEAD commit: e82442964bf41e4d6a9d9b8aeae065f03f343cf6

Found in base branch: master

Vulnerability Details

There's an input validation flaw in golang.org/x/crypto's readCipherPacket() function. An unauthenticated attacker who sends an empty plaintext packet to a program linked with golang.org/x/crypto/ssh could cause a panic, potentially leading to denial of service.

Publish Date: 2021-11-10

URL: CVE-2021-43565

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-43565

Release Date: 2021-11-10

Fix Resolution: golang-golang-x-crypto-dev - 1:0.0~git20211202.5770296-1;golang-go.crypto-dev - 1:0.0~git20211202.5770296-1


Step up your Open Source Security Game with Mend here

CVE-2019-11840 (Medium) detected in github.com/golang/crypto-0709b304e793a5edb4a2c0145f281ecdc20838a4 - autoclosed

CVE-2019-11840 - Medium Severity Vulnerability

Vulnerable Library - github.com/golang/crypto-0709b304e793a5edb4a2c0145f281ecdc20838a4

[mirror] Go supplementary cryptography libraries

Dependency Hierarchy:

  • github.com/prometheus/common-v0.4.1 (Root Library)
    • github.com/sirupsen/logrus-v1.2.0
      • github.com/golang/crypto-0709b304e793a5edb4a2c0145f281ecdc20838a4 (Vulnerable Library)

Found in HEAD commit: 640de6083ab1d8df17b9861dd52a5e37618b9edc

Found in base branch: master

Vulnerability Details

An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can lead to loss of confidentiality in encryption applications, or to predictability in CSPRNG applications.

Publish Date: 2019-05-09

URL: CVE-2019-11840

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://go-review.googlesource.com/c/crypto/+/168406/

Release Date: 2019-05-09

Fix Resolution: commit b7391e95e576cacdcdd422573063bc057239113d


CVE-2020-29652 (High) detected in github.com/golang/crypto-0709b304e793a5edb4a2c0145f281ecdc20838a4 - autoclosed

CVE-2020-29652 - High Severity Vulnerability

Vulnerable Library - github.com/golang/crypto-0709b304e793a5edb4a2c0145f281ecdc20838a4

[mirror] Go supplementary cryptography libraries

Dependency Hierarchy:

  • github.com/prometheus/common-v0.4.1 (Root Library)
    • github.com/sirupsen/logrus-v1.2.0
      • github.com/golang/crypto-0709b304e793a5edb4a2c0145f281ecdc20838a4 (Vulnerable Library)

Found in HEAD commit: 640de6083ab1d8df17b9861dd52a5e37618b9edc

Found in base branch: master

Vulnerability Details

A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.

Publish Date: 2020-12-17

URL: CVE-2020-29652

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1

Release Date: 2020-12-17

Fix Resolution: v0.0.0-20201216223049-8b5274cf687f


Renovate Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Detected dependencies

docker-compose
docker-compose.yml
  • quay.io/prometheus/prometheus v2.47.0
dockerfile
Dockerfile
  • golang 1.21
github-actions
.github/workflows/docker-build.yml
  • actions/checkout v4@8ade135a41bc03ea155e62e844d188df1ea18608
  • docker/metadata-action v5.0.0
  • docker/setup-qemu-action v3.0.0
  • docker/setup-buildx-action v2.5.0
  • docker/login-action v3.0.0
  • docker/build-push-action v5
.github/workflows/docker-publish.yml
  • actions/checkout v4@8ade135a41bc03ea155e62e844d188df1ea18608
  • docker/metadata-action v5.0.0
  • docker/setup-qemu-action v3.0.0
  • docker/setup-buildx-action v2.5.0
  • docker/login-action v3.0.0
  • docker/build-push-action v5
.github/workflows/draft-labels.yml
  • jinmayamashita/ready-for-review 1.0.0
.github/workflows/golang-goreleaser.yml
  • actions/checkout v4@8ade135a41bc03ea155e62e844d188df1ea18608
  • actions/setup-go v3
  • goreleaser/goreleaser-action v5
.github/workflows/golang-gosec.yml
  • actions/checkout v4@8ade135a41bc03ea155e62e844d188df1ea18608
.github/workflows/golang-lint.yml
  • actions/checkout v4@8ade135a41bc03ea155e62e844d188df1ea18608
  • golangci/golangci-lint-action v3
.github/workflows/prow-labels.yml
.github/workflows/prow-lgtm-merge.yml
  • jpmcb/prow-github-actions v1.1.3
.github/workflows/prow-lgtm-pull.yml
  • jpmcb/prow-github-actions v1.1.3
.github/workflows/prow.yml
  • jpmcb/prow-github-actions v1.1.3
.github/workflows/rebase.yml
  • actions/checkout v4@8ade135a41bc03ea155e62e844d188df1ea18608
  • cirrus-actions/rebase 1.8
.github/workflows/release-drafter.yml
  • release-drafter/release-drafter v5
.github/workflows/renovate.yml
  • actions/checkout v4@8ade135a41bc03ea155e62e844d188df1ea18608
  • peter-evans/create-pull-request v5
.github/workflows/size.yaml
  • actions/checkout v4@8ade135a41bc03ea155e62e844d188df1ea18608
  • actions-ecosystem/action-size v2
  • actions-ecosystem/action-remove-labels v1
  • actions-ecosystem/action-add-labels v1
gomod
go.mod
  • go 1.17

CVE-2019-11841 (Medium) detected in github.com/golang/crypto-0709b304e793a5edb4a2c0145f281ecdc20838a4 - autoclosed

CVE-2019-11841 - Medium Severity Vulnerability

Vulnerable Library - github.com/golang/crypto-0709b304e793a5edb4a2c0145f281ecdc20838a4

[mirror] Go supplementary cryptography libraries

Dependency Hierarchy:

  • github.com/prometheus/common-v0.4.1 (Root Library)
    • github.com/sirupsen/logrus-v1.2.0
      • github.com/golang/crypto-0709b304e793a5edb4a2c0145f281ecdc20838a4 (Vulnerable Library)

Found in HEAD commit: 640de6083ab1d8df17b9861dd52a5e37618b9edc

Found in base branch: master

Vulnerability Details

A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The "Hash" Armor Header specifies the message digest algorithm(s) used for the signature. However, the Go clearsign package ignores the value of this header, which allows an attacker to spoof it. Consequently, an attacker can lead a victim to believe the signature was generated using a different message digest algorithm than what was actually used. Moreover, since the library skips Armor Header parsing in general, an attacker can not only embed arbitrary Armor Headers, but also prepend arbitrary text to cleartext messages without invalidating the signatures.

Publish Date: 2019-05-22

URL: CVE-2019-11841

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

CVE-2022-28948 (Medium) detected in github.com/go-yaml/yaml-v2.4.0 - autoclosed

CVE-2022-28948 - Medium Severity Vulnerability

Vulnerable Library - github.com/go-yaml/yaml-v2.4.0

YAML support for the Go language.

Dependency Hierarchy:

  • github.com/prometheus/common-v0.33.0 (Root Library)
    • github.com/go-yaml/yaml-v2.4.0 (Vulnerable Library)

Found in HEAD commit: e82442964bf41e4d6a9d9b8aeae065f03f343cf6

Found in base branch: master

Vulnerability Details

An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.

Publish Date: 2022-05-19

URL: CVE-2022-28948

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-fm53-mpmp-7qw2

Release Date: 2022-05-19

Fix Resolution: v3.0.0


BBox Exporter on Raspberry Pi 3 & 4

Hello.

I try to execute bbox_exporter on Raspberry Pi 3 and 4.

I used the ARM64 precompiled version : bbox_exporter_0.4.0_linux_arm64.tar.gz

Here is the output of the ./bbox_exporter command :
-bash: ./bbox_exporter: cannot execute binary file: Exec format error

Is the ARM64 version compatible with Raspberry Pi 3 or 4 ?

Thank you.

CVE-2022-21698 (High) detected in github.com/prometheus/client_golang-v1.11.0

CVE-2022-21698 - High Severity Vulnerability

Vulnerable Library - github.com/prometheus/client_golang-v1.11.0

Prometheus instrumentation library for Go applications

Library home page: https://proxy.golang.org/github.com/prometheus/client_golang/@v/v1.11.0.zip

Path to dependency file: /go.mod

Path to vulnerable library: /go.mod

Dependency Hierarchy:

  • github.com/prometheus/client_golang-v1.11.0 (Vulnerable Library)

Found in HEAD commit: 5debebbb3a08c2ae62c91a1587dfbfa578be2b77

Found in base branch: master

Vulnerability Details

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of promhttp.InstrumentHandler* middleware except RequestsInFlight; not filter any specific methods (e.g GET) before middleware; pass metric with method label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown method. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the method label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods.

Publish Date: 2022-02-15

URL: CVE-2022-21698

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-cg3q-j54f-5p7p

Release Date: 2022-02-15

Fix Resolution: v1.11.1
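
One of the workarounds listed above, filtering the request method before it reaches the instrumented handler, implemented with the Go standard library only. This is an added example, not part of the scanner report or of bbox_exporter: `methodCounter` and `instrument` are constructed stand-ins for a counter with a `method` label and for the promhttp middleware, and `SanitizeMethod`, `SeriesAfter` and the `/metrics` path are assumed names.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"sync"
)

// methodCounter is a constructed stand-in for a Prometheus counter with a
// "method" label: each distinct label value allocates a series that is kept.
type methodCounter struct {
	mu     sync.Mutex
	series map[string]int
}

func (c *methodCounter) inc(method string) {
	c.mu.Lock()
	defer c.mu.Unlock()
	c.series[method]++
}

// instrument mimics the behaviour that matters here: the raw r.Method is
// recorded as a label value without any validation.
func instrument(c *methodCounter, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		c.inc(r.Method)
		next.ServeHTTP(w, r)
	})
}

// SanitizeMethod (hypothetical name) answers 405 for any method outside the
// allow-list, so unknown methods never become label values downstream.
func SanitizeMethod(allowed []string, next http.Handler) http.Handler {
	set := make(map[string]bool, len(allowed))
	for _, m := range allowed {
		set[m] = true
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !set[r.Method] {
			w.Header().Set("Allow", strings.Join(allowed, ", "))
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// SeriesAfter sends one GET plus n requests with distinct constructed method
// names and returns how many label series exist afterwards.
func SeriesAfter(protect bool, n int) int {
	c := &methodCounter{series: map[string]int{}}
	ok := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "ok")
	})
	var h http.Handler = instrument(c, ok)
	if protect {
		// The filter wraps the instrumented handler, so it runs first.
		h = SanitizeMethod([]string{http.MethodGet, http.MethodHead}, h)
	}
	methods := []string{http.MethodGet}
	for i := 0; i < n; i++ {
		methods = append(methods, fmt.Sprintf("X%d", i)) // constructed method names
	}
	for _, m := range methods {
		h.ServeHTTP(httptest.NewRecorder(), httptest.NewRequest(m, "/metrics", nil))
	}
	return len(c.series)
}

func main() {
	fmt.Println("series without filter:", SeriesAfter(false, 50))
	fmt.Println("series with filter:   ", SeriesAfter(true, 50))
}
```

The filter only helps when it wraps the instrumented handler; placed inside it, the label has already been recorded by the time the request is rejected.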


CVE-2022-41721 (High) detected in github.com/golang/net-v0.1.0

CVE-2022-41721 - High Severity Vulnerability

Vulnerable Library - github.com/golang/net-v0.1.0

[mirror] Go supplementary network libraries

Library home page: https://proxy.golang.org/github.com/golang/net/@v/v0.1.0.zip

Dependency Hierarchy:

  • github.com/prometheus/common-v0.30.0 (Root Library)
    • github.com/golang/net-v0.1.0 (Vulnerable Library)

Found in base branch: master

Vulnerability Details

A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.

Publish Date: 2023-01-13

URL: CVE-2022-41721

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Release Date: 2023-01-13

Fix Resolution: v0.2.0


CVE-2023-39325 (High) detected in github.com/golang/net-v0.1.0

CVE-2023-39325 - High Severity Vulnerability

Vulnerable Library - github.com/golang/net-v0.1.0

[mirror] Go supplementary network libraries

Library home page: https://proxy.golang.org/github.com/golang/net/@v/v0.1.0.zip

Path to dependency file: /go.mod

Path to vulnerable library: /go.mod

Dependency Hierarchy:

  • github.com/prometheus/common-v0.30.0 (Root Library)
    • github.com/golang/net-v0.1.0 (Vulnerable Library)

Found in base branch: master

Vulnerability Details

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.

Publish Date: 2023-10-11

URL: CVE-2023-39325

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://pkg.go.dev/vuln/GO-2023-2102

Release Date: 2023-10-11

Fix Resolution: go1.20.10, go1.21.3, golang.org/x/net - v0.17.0


CVE-2022-32149 (High) detected in github.com/golang/text-v0.3.7

CVE-2022-32149 - High Severity Vulnerability

Vulnerable Library - github.com/golang/text-v0.3.7

[mirror] Go text processing support

Library home page: https://proxy.golang.org/github.com/golang/text/@v/v0.3.7.zip

Path to dependency file: /go.mod

Path to vulnerable library: /go.mod

Dependency Hierarchy:

  • github.com/prometheus/common-v0.30.0 (Root Library)
    • github.com/golang/net-v0.1.0
      • github.com/golang/text-v0.3.7 (Vulnerable Library)

Found in HEAD commit: 5debebbb3a08c2ae62c91a1587dfbfa578be2b77

Found in base branch: master

Vulnerability Details

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.

Publish Date: 2022-10-14

URL: CVE-2022-32149

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2022-32149

Release Date: 2022-10-14

Fix Resolution: v0.3.8


CVE-2022-27191 (High) detected in github.com/golang/crypto-c084706c2272f3d44b722e988e70d4a58e60e7f4 - autoclosed

CVE-2022-27191 - High Severity Vulnerability

Vulnerable Library - github.com/golang/crypto-c084706c2272f3d44b722e988e70d4a58e60e7f4

[mirror] Go supplementary cryptography libraries

Dependency Hierarchy:

  • github.com/prometheus/exporter-toolkit-v0.7.1 (Root Library)
    • github.com/golang/crypto-c084706c2272f3d44b722e988e70d4a58e60e7f4 (Vulnerable Library)

Found in HEAD commit: e82442964bf41e4d6a9d9b8aeae065f03f343cf6

Found in base branch: master

Vulnerability Details

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.

Publish Date: 2022-03-18

URL: CVE-2022-27191

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2022-27191

Release Date: 2022-03-18

Fix Resolution: golang-golang-x-crypto-dev - 1:0.0~git20220315.3147a52-1;golang-go.crypto-dev - 1:0.0~git20220315.3147a52-1


API : Invalid response type

According to the documentation (https://api.bbox.fr/doc/apirouter/index.html#api-WAN-GetWANIPStats), the bytes value must be a number.

But :

[  
   {  
      "wan":{  
         "ip":{  
            "stats":{  
               "rx":{  
                  "packets":12427023,
                  "bytes":"2232074114",
                  "packetserrors":0,
                  "packetsdiscards":0,
                  "occupation":1,
                  "bandwidth":1576,
                  "maxBandwidth":1000000
               },
               "tx":{  
                  "packets":18939859,
                  "bytes":"2786812203",
                  "packetserrors":0,
                  "packetsdiscards":0,
                  "occupation":0,
                  "bandwidth":21,
                  "maxBandwidth":1000000
               }
            }
         }
      }
   }
]
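
A client can absorb the type mismatch reported above instead of failing on it. The following is an added example, not code from bbox_exporter: a Go decoder that accepts a counter sent either as a JSON number or as a quoted decimal string and rejects anything else. `Counter`, `dirStats`, `wanIPStats` and `ParseWANIPStats` are hypothetical names, and `sampleBody` is the response quoted in the issue, compacted.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
)

// Counter (hypothetical type) is a non-negative counter that the device may
// send as a JSON number (12427023) or as a quoted string ("2232074114").
type Counter uint64

func (c *Counter) UnmarshalJSON(b []byte) error {
	s := string(b)
	if s == "null" {
		return nil // conventional no-op for JSON null
	}
	if len(b) > 0 && b[0] == '"' {
		if err := json.Unmarshal(b, &s); err != nil { // strip quotes and escapes
			return err
		}
	}
	// ParseUint rejects signs, fractions, exponents, spaces and empty input,
	// so a malformed device response is an error, not a silent zero.
	v, err := strconv.ParseUint(s, 10, 64)
	if err != nil {
		return fmt.Errorf("counter %q: %w", s, err)
	}
	*c = Counter(v)
	return nil
}

type dirStats struct {
	Packets         Counter `json:"packets"`
	Bytes           Counter `json:"bytes"`
	PacketsErrors   Counter `json:"packetserrors"`
	PacketsDiscards Counter `json:"packetsdiscards"`
	Bandwidth       Counter `json:"bandwidth"`
	MaxBandwidth    Counter `json:"maxBandwidth"`
}

type wanIPStats struct {
	WAN struct {
		IP struct {
			Stats struct {
				RX dirStats `json:"rx"`
				TX dirStats `json:"tx"`
			} `json:"stats"`
		} `json:"ip"`
	} `json:"wan"`
}

// sampleBody is the response quoted in the issue, compacted onto fewer lines.
const sampleBody = `[{"wan":{"ip":{"stats":{
 "rx":{"packets":12427023,"bytes":"2232074114","packetserrors":0,
       "packetsdiscards":0,"occupation":1,"bandwidth":1576,"maxBandwidth":1000000},
 "tx":{"packets":18939859,"bytes":"2786812203","packetserrors":0,
       "packetsdiscards":0,"occupation":0,"bandwidth":21,"maxBandwidth":1000000}}}}}]`

// ParseWANIPStats decodes the one-element array the endpoint returns.
func ParseWANIPStats(body []byte) (dirStats, dirStats, error) {
	var docs []wanIPStats
	if err := json.Unmarshal(body, &docs); err != nil {
		return dirStats{}, dirStats{}, err
	}
	if len(docs) != 1 {
		return dirStats{}, dirStats{}, fmt.Errorf("expected 1 element, got %d", len(docs))
	}
	return docs[0].WAN.IP.Stats.RX, docs[0].WAN.IP.Stats.TX, nil
}

func main() {
	rx, tx, err := ParseWANIPStats([]byte(sampleBody))
	fmt.Println(rx.Bytes, tx.Bytes, err)
}
```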

