Fedora: Security Advisory for golang-github-prometheus-client (FEDORA-2022-92ef43c439)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: golang-github-prometheus-client-1.12.2-2.fc36

This is the Go client library for Prometheus. It has two separate parts, one for instrumenting application code, and one for creating clients that talk to the Prometheus HTTP API...

CVE-2021-29622 affecting package prometheus for versions less than 2.36.0-2

CVE-2021-29622 affecting package prometheus for versions less than 2.36.0-2. An upgraded version of the package is available that resolves this issue...

AZL-35115 CVE-2022-29526 affecting package prometheus for versions less than 2.37.0-1

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...

AZL-33629 CVE-2022-29526 affecting package prometheus for versions less than 2.37.0-1

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...

SUSE SLED15 / SLES15 Security Update : node_exporter (SUSE-SU-2022:2140-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:2140-1 advisory. - clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgola...

SUSE SLES15 Security Update : golang-github-prometheus-node_exporter (SUSE-SU-2022:2137-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:2137-1 advisory. - clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling...

SUSE: Security Advisory (SUSE-SU-2022:2140-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for node_exporter (SUSE-SU-2022:2140-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE: Security Advisory (SUSE-SU-2022:2137-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for golang-github-prometheus-alertmanager (SUSE-SU-2022:2139-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE-SU-2022:2144-1 Security update for SUSE Manager Server 4.2

This update fixes the following issues: inter-server-sync: - version 0.2.2 Parameter --channel-with-children didn't export data bsc1199089 Clean rhnchannelcloned table to rebuild hierarchy bsc1197400 - Version 0.2.1 Correct sequence in use for table rhnpackagekeybsc1197400 Make Docker image expor...

Moderate: Red Hat Security Advisory: OpenShift Virtualization 4.10.2 Images security and bug fix update

Red Hat OpenShift Virtualization release 4.10.2 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which giv...

Prometheus ransomware’s flaws inspired researchers to try to build a near-universal decryption tool

This blog is part of our live coverage from RSA Conference 2022: Prometheus—a ransomware build based on Thanos that locked up victims’ computers in the summer of 2021—included a major “vulnerability” that led security researchers at IBM to try and build a one-size-fits-all ransomware decryptor th...

prometheus/client_golang: Denial of service using InstrumentHandlerCounter

A denial of service attack was found in prometheus/clientgolang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability...

Kubernetes ingress exposes sensitive information

Versions 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly...

GHSA-P3X5-5XPX-9PHM Kubernetes ingress exposes sensitive information

Versions 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly...

Mageia: Security Advisory (MGASA-2022-0180)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

prometheus/client_golang: Denial of service using InstrumentHandlerCounter

A denial of service attack was found in prometheus/clientgolang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability...

openSUSE: Security Advisory for firewalld, (SUSE-SU-2022:1435-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...