1423 matches found

AlpineLinux
added 2022/02/15 12:0 a.m. | 35 views

CVE-2022-21698

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVSS 7.5 | AI score 9.7 | EPSS 0.00386
Exploits 0

Debian CVE
added 2022/02/15 12:0 a.m. | 52 views

CVE-2022-21698

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVSS 7.5 | AI score 8.6 | EPSS 0.00386
Exploits 0

Cvelist
added 2022/02/15 12:0 a.m. | 26 views

CVE-2022-21698 Uncontrolled Resource Consumption in promhttp

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVSS 7.5 | AI score 8.9 | EPSS 0.00386
Exploits 0 | References 22

OSV
added 2022/02/15 12:0 a.m. | 28 views

CVE-2022-21698 Uncontrolled Resource Consumption in promhttp

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVSS 7.5 | AI score 7.5 | EPSS 0.00386
Exploits 0 | References 24

CNNVD
added 2022/02/15 12:0 a.m. | 1 views

prometheus client golang Resource Management Error Vulnerability

Prometheus is an open source software written in the Go language for recording real-time metrics in time series databases built using the HTTP pull model. A resource management error vulnerability exists in prometheus client golang, which arises from mismanagement of system resources e.g., memory...

CVSS 7.5 | AI score 7.1 | EPSS 0.00386
Exploits 0 | References 68

Positive Technologies
added 2022/02/15 12:0 a.m. | 3 views

PT-2022-4597

Name of the Vulnerable Software and Affected Versions: client golang versions prior to 1.11.1. Description: The HTTP server in client golang is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. To...

CVSS 7.8 | AI score 8.4 | EPSS 0.00386
Exploits 0 | References 468

Tenable Nessus
added 2022/02/09 12:0 a.m. | 67 views

AlmaLinux 8 : prometheus-jmx-exporter (ALSA-2020:4807)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2020:4807 advisory. - The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564. CVE-2017-18640 Note that Nessus has not...

CVSS 9.3 | AI score 6.7 | EPSS 0.02766
Exploits 1 | References 2

The Hacker News
added 2022/01/19 2:31 p.m. | 23 views

Russian Hackers Heavily Using Malicious Traffic Direction System to Distribute Malware

Potential connections between a subscription-based crimeware-as-a-service CaaS solution and a cracked copy of Cobalt Strike have been established in what the researchers suspect is being offered as a tool for its customers to stage post-exploitation activities. Prometheus, as the service is calle...

AI score 0.4
Exploits 0

vulnersOsv
added 2022/01/06 10:22 p.m. | 3 views

bower-cache (=0.5.0), cacahuate (>=3.9.0 <=4.0.0a6) +58 more potentially affected by CVE-2021-23727 via celery (>=3.1.11 <=5.2.1)

celery PYPI version =3.1.11, =3.9.0, =0.0.2, =1.0.1, =0.19.0, =2.0.0a0, =1.0.0, =1.0.24, =0.0.5, =0.0.13, =1.0.18, =1.2.7 and more Source cves: CVE-2021-23727 Source advisory: OSV:GHSA-Q4XR-RC97-M4XX...

CVSS 7.5 | AI score 7.1 | EPSS 0.01396
Exploits 1

OSV
added 2022/01/01 5:15 a.m. | 2 views

AZL-33635 CVE-2021-44716 affecting package prometheus-node-exporter for versions less than 1.3.1-24

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

CVSS 7.5 | AI score 7.2 | EPSS 0.00088
Exploits 0 | References 1

OSV
added 2022/01/01 5:15 a.m. | 3 views

AZL-35123 CVE-2021-44716 affecting package prometheus-process-exporter for versions less than 0.8.2-1

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

CVSS 7.5 | AI score 6.6 | EPSS 0.00088
Exploits 0 | References 1

OSV
added 2022/01/01 5:15 a.m. | 1 views

AZL-33638 CVE-2021-44716 affecting package prometheus-process-exporter for versions less than 0.7.10-19

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

CVSS 7.5 | AI score 6.6 | EPSS 0.00088
Exploits 0 | References 1

CNVD
added 2021/12/14 12:0 a.m. | 36 views

Grafana Path Traversal Vulnerability (CNVD-2021-100286)

Grafana is an open source monitoring tool from Grafana Labs that provides a visual monitoring interface. The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus, etc. A path traversal vulnerability exists in Grafana, which stems from the product's failure to effectively...

CVSS 4.3 | AI score 2.2 | EPSS 0.01202
Exploits 0 | References 1

Veracode
added 2021/12/09 9:12 a.m. | 22 views

Authentication Bypass

github.com/grafana/agent is vulnerable to authentication bypass. The library does not properly restrict access to config endpoints, allowing an attacker to authenticate against a system for discovering Prometheus targets and collecting metrics leads to information disclosure...

CVSS 7.5 | AI score 4.2 | EPSS 0.0078
Exploits 0 | References 7 | Affected Software 1

NVD
added 2021/12/08 5:15 p.m. | 12 views

CVE-2021-41090

Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack. Prior to versions 0.20.1 and 0.21.2, inline secrets defined within a metrics instance config are exposed in plaintext over two endpoints: metrics instance configs defin...

CVSS 7.5 | EPSS 0.0078
Exploits 0 | References 6

OSV
added 2021/12/08 5:15 p.m. | 25 views

CVE-2021-41090

Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack. Prior to versions 0.20.1 and 0.21.2, inline secrets defined within a metrics instance config are exposed in plaintext over two endpoints: metrics instance configs defin...

CVSS 7.5 | AI score 7.6
Exploits 0 | References 6

Prion
added 2021/12/08 5:15 p.m. | 20 views

Authentication flaw

Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack. Prior to versions 0.20.1 and 0.21.2, inline secrets defined within a metrics instance config are exposed in plaintext over two endpoints: metrics instance configs defin...

CVSS 4.3 | AI score 7.6 | EPSS 0.0078
Exploits 0 | References 6 | Affected Software 1

Cvelist
added 2021/12/08 4:15 p.m. | 14 views

CVE-2021-41090 Instance config inline secret exposure

Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack. Prior to versions 0.20.1 and 0.21.2, inline secrets defined within a metrics instance config are exposed in plaintext over two endpoints: metrics instance configs defin...

CVSS 6.5 | AI score 8 | EPSS 0.0078
Exploits 0 | References 6

OSV
added 2021/12/03 11:5 a.m. | 7 views

SUSE-SU-2021:3908-1 Security Beta update for SUMA client tools

This update fixes the following issues: dracut-saltboot: - Fix dependencies of python libs bsc1188846 - Update to version 0.1.1628156312.dbd0dec - Force installation of libexpat.so.1 bsc1188846 - Update to version 0.1.1627546504.96a0b3e - Use kernel parameters from PXE formula also for local boot...

CVSS 7.5 | AI score 8.4 | EPSS 0.87475
Exploits 0 | References 40

OSV
added 2021/12/03 11:4 a.m. | 5 views

SUSE-SU-2021:3907-1 Security Beta update for SUSE Manager Client Tools

This update fixes the following issues: cobbler: - Fixed rce in the xmlrpc which additionally allowed arbitrary file read and write as root bsc1189458 golang-github-prometheus-prometheus: - Provide and reload firewalld configuration only for: + openSUSE Leap 15.0, 15.1, 15.2 + SUSE SLE15, SLE15...

CVSS 7.5 | AI score 7.7 | EPSS 0.87475
Exploits 0 | References 16