Fedora: Security Advisory for golang-github-prometheus (FEDORA-2022-5cbd6de569)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 34 Update: golang-github-prometheus-tsdb-0.10.0-6.fc34

Package Tsdb implements a time series storage for float64 sample data...

[SECURITY] Fedora 34 Update: golang-github-prometheus-node-exporter-1.3.1-7.fc34

Prometheus exporter for hardware and OS metrics exposed by NIX kernels, writ ten in Go with pluggable metric collectors...

[SECURITY] Fedora 34 Update: golang-github-prometheus-2.32.1-4.fc34

The Prometheus monitoring system and time series database...

[SECURITY] Fedora 34 Update: golang-github-prometheus-alertmanager-0.23.0-8.fc34

The Alertmanager handles alerts sent by client applications such as the Prometheus server. It takes care of deduplicating, grouping, and routing them to the correct receiver integrations such as email, PagerDuty, or OpsGenie. It a lso takes care of silencing and inhibition of alerts...

[SECURITY] Fedora 35 Update: golang-github-prometheus-node-exporter-1.3.1-7.fc35

Prometheus exporter for hardware and OS metrics exposed by NIX kernels, writ ten in Go with pluggable metric collectors...

[SECURITY] Fedora 35 Update: golang-github-prometheus-alertmanager-0.23.0-8.fc35

The Alertmanager handles alerts sent by client applications such as the Prometheus server. It takes care of deduplicating, grouping, and routing them to the correct receiver integrations such as email, PagerDuty, or OpsGenie. It a lso takes care of silencing and inhibition of alerts...

[SECURITY] Fedora 35 Update: golang-github-prometheus-2.32.1-4.fc35

The Prometheus monitoring system and time series database...

SUSE: Security Advisory (SUSE-SU-2022:1435-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED15 / SLES15 Security Update : firewalld, golang-github-prometheus-prometheus (SUSE-SU-2022:1435-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1435-1 advisory. - clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgola...

SUSE-SU-2022:1435-1 Security update for firewalld, golang-github-prometheus-prometheus

This update for firewalld, golang-github-prometheus-prometheus fixes the following issues: Security fixes for golang-github-prometheus-prometheus: - CVE-2022-21698: Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP...

SUSE-SU-2022:1433-1 Security update for golang-github-prometheus-prometheus

This update for golang-github-prometheus-prometheus fixes the following issues: Security fixes for golang-github-prometheus-prometheus: - CVE-2022-21698: Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods...

Important: Red Hat Security Advisory: Logging Subsystem 5.4 - Red Hat OpenShift Security and Bug update

Logging Subsystem 5.4 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the Reference...

CVE-2022-24797 Exposure of Sensitive Information in Pomerium

Pomerium is an identity-aware access proxy. In distributed service mode, Pomerium's Authenticate service exposes pprof debug and prometheus metrics handlers to untrusted traffic. This can leak potentially sensitive environmental information or lead to limited denial of service conditions. This...

Pomerium 安全漏洞

Pomerium is an open source identity-aware access agent from the U.S. company Pomerium. It is used to enable secure access to internal applications. A security vulnerability exists in Pomerium that stems from the fact that in a distributed services model, Pomerium's authentication service exposes...

SUSE-FU-2022:0750-1 Feature update for SUSE Manager Client Tools

This feature update fixes the following issues: cobbler: - Move configuration files ownership to apache bsc1195906 - Make configuration files only readable by root bsc1193671, CVE-2021-45083 golang-github-prometheus-prometheus: - Upgrade to upstream version 2.32.1 jscSLE-22863 + Bugfixes: Scrape:...

Grafana Cross-Site Scripting Vulnerability (CNVD-2022-28802)

Grafana is a set of open source monitoring tools from Grafana Labs that provides a visual monitoring interface. The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus, etc. A cross-site scripting vulnerability exists in Grafana, which stems from the product's failure to...

Grafana Cross-Site Request Forgery Vulnerability

Grafana is an open source monitoring tool from Grafana Labs that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, Prometheus, etc. A cross-site request forgery vulnerability exists in Grafana, which stems from the product's failure to...

Important: Red Hat Security Advisory: Service Telemetry Framework 1.3 (sg-core-container) security update

An update for sg-core-container is now available for Service Telemetry Framework 1.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Uncontrolled Resource Consumption in promhttp

This is the Go client library for Prometheus. It has two separate parts, one for instrumenting application code, and one for creating clients that talk to the Prometheus HTTP API. clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgola...