1423 matches found
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Improper Certificate Validation for Fortinet OTP; Denial of Service Attack on gitlab-shell; Resource exhaustion due to pending jobs; Confidential issue titles were exposed; Improper access control allowed demoted project members to access authored merge requests; Improper access contro...
CentOS 8 : prometheus-jmx-exporter (CESA-2020:4807)
The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2020:4807 advisory. - snakeyaml: Billion laughs attack via alias feature (CVE-2017-18640). Note that Nessus has not tested for this issue but has instead relied only on the...
CVE-2021-22166
An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method...
CVE-2021-22166
An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method...
Default configuration
An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method...
UBUNTU-CVE-2021-22166
An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method...
CVE-2021-22166
CVE-2021-22166 affects GitLab 13.7+ where an attacker could trigger a Prometheus denial of service by sending an HTTP request with a malformed method. The linked advisories describe the issue as mitigated in GitLab version 13.7.2 (and related fixes) and outline remediation guidance. The initial a...
CVE-2021-22166
An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method...
CVE-2021-22166
Removed by vendor...
Gitlab -- multiple vulnerabilities
Gitlab reports: Ability to steal a user's API access token through GitLab Pages; Prometheus denial of service via HTTP request with custom method; Unauthorized user is able to access private repository information under specific conditions; Regular expression denial of service in NuGet API; Regular...
SUSE SLED15 / SLES15 Security Update : ceph (SUSE-SU-2020:3459-1)
This update for ceph fixes the following issues : CVE-2020-25660: Bring back CEPHXV2 authorizer challenges bsc1177843. Major batch refactor of ceph-volume that addresses a couple of issues bsc1151612, bsc1158257 Documented Prometheus' security model bsc1169134 monclient: Fixed an issue where...
openSUSE Security Update : ceph (openSUSE-2020-2057)
This update for ceph fixes the following issues : - CVE-2020-25660: Bring back CEPHXV2 authorizer challenges bsc1177843. - Major batch refactor of ceph-volume that addresses a couple of issues bsc1151612, bsc1158257 - Documented Prometheus' security model bsc1169134 - monclient: Fixed an issue...
Security update for ceph (moderate)
openSUSE Security Update: Security update for ceph Announcement ID: openSUSE-SU-2020:2057-1 Rating: moderate References: 1151612 1158257 1169134 1170487 1174591 1175061 1175240 1175781 1177843 Cross-References: CVE-2020-25660 Affected Products: openSUSE Leap 15.1 An update that solves one...
OPENSUSE-SU-2020:2057-1 Security update for ceph
This update for ceph fixes the following issues: - CVE-2020-25660: Bring back CEPHXV2 authorizer challenges bsc1177843. - Major batch refactor of ceph-volume that addresses a couple of issues bsc1151612, bsc1158257 - Documented Prometheus' security model bsc1169134 - monclient: Fixed an issue whe...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.5.20 bug fix and golang security update
Red Hat OpenShift Container Platform release 4.5.20 is now available with updates to packages and images that fix several bugs. This release includes a security update for golang for Red Hat OpenShift Container Platform 4.5. Red Hat Product Security has rated this update as having a security impa...
SUSE-SU-2020:3459-1 Security update for ceph
This update for ceph fixes the following issues: - CVE-2020-25660: Bring back CEPHXV2 authorizer challenges bsc1177843. - Major batch refactor of ceph-volume that addresses a couple of issues bsc1151612, bsc1158257 - Documented Prometheus' security model bsc1169134 - monclient: Fixed an issue whe...
Teler - Real-time HTTP Intrusion Detection
teler is a real-time intrusion detection and threat alert based on web log that runs in a terminal with resources that we collect and provide by the community. Features: Real-time: Analyze logs and identify suspicious activity in real-time. Alerting: teler provides alerting when a threat is...
Oracle Linux 8 : prometheus-jmx-exporter (ELSA-2020-4807)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2020-4807 advisory. 0.12.0-6 - Fix CVE-2017-18640 by using updated snakeyaml. Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...
prometheus-jmx-exporter security update
0.12.0-6 - Fix CVE-2017-18640 by using updated snakeyaml...
Moderate: Red Hat Security Advisory: prometheus-jmx-exporter security update
An update for prometheus-jmx-exporter is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...