1423 matches found

FreeBSD
added 2021/11/28 12:0 a.m., 59 views

node_exporter -- bypass security with cache poisoning

Prometheus team reports: Prometheus and its exporters can be secured by a web.yml file that specifies usernames and hashed passwords for basic authentication. Passwords are hashed with bcrypt, which means that even if you have access to the hash, it is very hard to find the original password back...

8.8 CVSS, 8.5 AI score, 0.00185 EPSS
Exploits 1, References 1

OSV
added 2021/11/05 4:55 p.m., 7 views

SUSE-SU-2021:3621-1 Security update for SUSE Manager Server 4.1

This update fixes the following issues: grafana-formula: - Version 0.4.2 Add SSH blackbox status check panel to clients dashboard Migrate deprecated panels in clients dashboard prometheus-formula: - Version 0.3.4 Fix opening Prometheus ports on proxy - Version 0.3.3 Add Prometheus targets...

7.5 CVSS, 7.7 AI score, 0.02263 EPSS
Exploits 0, References 23

CNVD
added 2021/10/25 12:0 a.m., 51 views

Prometheus Unauthorized Access Vulnerability

Prometheus is an open source event control and solution. Prometheus unauthorized access vulnerability can be exploited by attackers to obtain sensitive information, /api/v1/status/flags of web.enable-admin-api and web-enable-lifecycle if True can shut down the service or delete all endpoints...

4.7 AI score
Exploits 0, References 1

The Hacker News
added 2021/10/14 2:27 p.m., 31 views

Experts Warn of Unprotected Prometheus Endpoints Exposing Sensitive Information

A large-scale unauthenticated scraping of publicly available and non-secured endpoints from older versions of Prometheus event monitoring and alerting solution could be leveraged to inadvertently leak sensitive information, according to the latest research. "Due to the fact that authentication an...

7.3 AI score
Exploits 0

vulnersOsv
added 2021/09/09 5:11 p.m., 1 view

com.alibaba.otter:canal.deployer (>=1.1.7 <=1.1.8), com.alibaba.otter:canal.instance.core (>=1.1.7 <=1.1.8) +90 more potentially affected by CVE-2021-37137 via org.jboss.netty:netty (>=3.1.0.BETA1 <=3.2.10.Final)

org.jboss.netty:netty MAVEN version =3.1.0.BETA1, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.6.4 and more Source cves: CVE-2021-37137 Source advisory: OSV:GHSA-9VJP-V76F-G363...

7.5 CVSS, 6.7 AI score, 0.02383 EPSS
Exploits 0

Tenable Nessus
added 2021/08/18 12:0 a.m., 49 views

openSUSE 15 Security Update : SUSE Manager Client Tools (openSUSE-SU-2021:1162-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1162-1 advisory. - Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning...

7.5 CVSS, 7.8 AI score, 0.87475 EPSS
Exploits 0, References 17

OpenVAS
added 2021/08/18 12:0 a.m., 17 views

openSUSE: Security Advisory for SUSE (openSUSE-SU-2021:1162-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS, 6.8 AI score, 0.87475 EPSS
Exploits 0, References 2

OPENSUSE Linux
added 2021/08/17 12:0 a.m., 93 views

Security update for SUSE Manager Client Tools (moderate)

openSUSE Security Update: Security update for SUSE Manager Client Tools Announcement ID: openSUSE-SU-2021:1162-1 Rating: moderate References: 1175478 1186242 1186508 1186581 1186650 1188846 SLE-18254 Cross-References: CVE-2021-27962 CVE-2021-28146 CVE-2021-28147 CVE-2021-28148 CVE-2021-29622 CVSS...

7.5 CVSS, 7 AI score, 0.87475 EPSS
Exploits 0, References 7

OpenVAS
added 2021/08/13 12:0 a.m., 26 views

openSUSE: Security Advisory for golang-github-prometheus-prometheus (openSUSE-SU-2021:2664-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.5 CVSS, 6.7 AI score, 0.87475 EPSS
Exploits 0, References 2

OPENSUSE Linux
added 2021/08/13 12:0 a.m., 325 views

Security update for grafana (important)

openSUSE Security Update: Security update for grafana Announcement ID: openSUSE-SU-2021:1148-1 Rating: important References: 1183803 1183809 1183811 1183813 1184371 Cross-References: CVE-2021-27358 CVE-2021-27962 CVE-2021-28146 CVE-2021-28147 CVE-2021-28148 CVSS scores: CVE-2021-27358 NVD : 7.5...

7.5 CVSS, 7.2 AI score, 0.92396 EPSS
Exploits 0, References 5

Tenable Nessus
added 2021/08/13 12:0 a.m., 32 views

openSUSE 15 Security Update : SUSE Manager Client Tools (openSUSE-SU-2021:2675-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2675-1 advisory. - Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning...

7.5 CVSS, 7.8 AI score, 0.87475 EPSS
Exploits 0, References 17

OpenVAS
added 2021/08/13 12:0 a.m., 25 views

openSUSE: Security Advisory for SUSE (openSUSE-SU-2021:2675-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS, 6.8 AI score, 0.87475 EPSS
Exploits 0, References 2

Tenable Nessus
added 2021/08/13 12:0 a.m., 18 views

openSUSE 15 Security Update : golang-github-prometheus-prometheus (openSUSE-SU-2021:2664-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2021:2664-1 advisory. - Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a...

6.5 CVSS, 6.7 AI score, 0.87475 EPSS
Exploits 0, References 4

OSV
added 2021/08/12 10:5 a.m., 6 views

SUSE-SU-2021:2675-1 Security update for SUSE Manager Client Tools

This update fixes the following issues: ansible: - The support level for ansible is l2, not l3 dracut-saltboot: - Force installation of libexpat.so.1 bsc1188846 - Use kernel parameters from PXE formula also for local boot golang-github-prometheus-prometheus: - Provide and reload firewalld...

7.5 CVSS, 6.7 AI score, 0.87475 EPSS
Exploits 0, References 12

OSV
added 2021/08/12 10:4 a.m., 5 views

SUSE-SU-2021:2673-1 Security update for SUSE Manager Client Tools

This update fixes the following issues: golang-github-prometheus-prometheus: - Provide and reload firewalld configuration only for: + openSUSE Leap 15.0, 15.1, 15.2 + SUSE SUSE Linux Enterprise 15, SP1, SP2 - Upgrade to upstream version 2.27.1 jscSLE-18254 - SECURITY: Fix arbitrary redirects unde...

7.5 CVSS, 7.6 AI score, 0.87475 EPSS
Exploits 0, References 11

OSV
added 2021/08/12 10:2 a.m., 3 views

SUSE-SU-2021:2664-1 Security update for golang-github-prometheus-prometheus

This update for golang-github-prometheus-prometheus fixes the following issues: - Provide and reload firewalld configuration only for: + openSUSE Leap 15.0, 15.1, 15.2 + SUSE SLE15, SLE15 SP1, SLE15 SP2 - Upgrade to upstream version 2.27.1 jscSLE-18254 + Bugfix: SECURITY: Fix arbitrary redirects...

6.5 CVSS, 7.5 AI score, 0.87475 EPSS
Exploits 0, References 3

OPENSUSE Linux
added 2021/08/12 12:0 a.m., 121 views

Security update for SUSE Manager Client Tools (moderate)

openSUSE Security Update: Security update for SUSE Manager Client Tools Announcement ID: openSUSE-SU-2021:2675-1 Rating: moderate References: 1175478 1186242 1186508 1186581 1186650 1188846 SLE-18254 Cross-References: CVE-2021-27962 CVE-2021-28146 CVE-2021-28147 CVE-2021-28148 CVE-2021-29622 CVSS...

7.5 CVSS, 7 AI score, 0.87475 EPSS
Exploits 0, References 7

OPENSUSE Linux
added 2021/08/12 12:0 a.m., 230 views

Security update for grafana (important)

openSUSE Security Update: Security update for grafana Announcement ID: openSUSE-SU-2021:2662-1 Rating: important References: 1183803 1183809 1183811 1183813 1184371 Cross-References: CVE-2021-27358 CVE-2021-27962 CVE-2021-28146 CVE-2021-28147 CVE-2021-28148 CVSS scores: CVE-2021-27358 NVD : 7.5...

7.5 CVSS, 7.2 AI score, 0.92396 EPSS
Exploits 0, References 5

OPENSUSE Linux
added 2021/08/12 12:0 a.m., 222 views

Security update for golang-github-prometheus-prometheus (moderate)

openSUSE Security Update: Security update for golang-github-prometheus-prometheus Announcement ID: openSUSE-SU-2021:2664-1 Rating: moderate References: 1186242 SLE-18254 Cross-References: CVE-2021-29622 CVSS scores: CVE-2021-29622 NVD : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected...

6.5 CVSS, 7.2 AI score, 0.87475 EPSS
Exploits 0, References 2

RedHat Linux
added 2021/08/11 6:21 p.m., 157 views

Moderate: Red Hat Security Advisory: Red Hat Fuse 7.9.0 release and security update

A minor version update from 7.8 to 7.9 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring...

9.8 CVSS, 7.1 AI score, 0.94469 EPSS
Exploits 79, References 45