GHSA-8XFX-RJ4P-23JM vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-eks, mockgen, bazelisk, skopeo, nri-postgresql, kserve-rest-proxy, kubernetes-csi-livenessprobe, flux-fips, datadog-agent, gh, harbor-scanner-trivy-fips, prometheus-statsd-exporter-fips, cert-exporter-fips, s5cmd, falcosidekick, thanos-operato...
GHSA-3F6R-QH9C-X6MM vulnerabilities
Vulnerabilities for packages: mockgen, bazelisk, skopeo, opentofu, kserve-rest-proxy, kubernetes-replicator-fips, kuberay-operator-fips, kubernetes-csi-livenessprobe, flux-fips, harbor-scanner-trivy-fips, prometheus-statsd-exporter-fips, ini-file, s5cmd, sftpgo, falcosidekick, thanos-operator,...
CVE-2022-3162 affecting package prometheus-adapter for versions less than 0.10.0-17
CVE-2022-3162 affecting package prometheus-adapter for versions less than 0.10.0-17. A patched version of the package is available...
Azure Linux 3.0 Security Update: cert-manager / keda / kube-vip-cloud-provider / prometheus-adapter (CVE-2022-3162)
The version of cert-manager / keda / kube-vip-cloud-provider / prometheus-adapter installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-3162 advisory. - Users authorized to list or watch one type of...
CVE-2023-45288 affecting package prometheus-node-exporter for versions less than 1.7.0-2
CVE-2023-45288 affecting package prometheus-node-exporter for versions less than 1.7.0-2. A patched version of the package is available...
CVE-2024-50608
An issue was discovered in Fluent Bit 3.1.9. When the Prometheus Remote Write input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user with access t...
AZL-57074 CVE-2024-50608 affecting package fluent-bit for versions less than 3.1.9-3
An issue was discovered in Fluent Bit 3.1.9. When the Prometheus Remote Write input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user with access t...
AZL-57092 CVE-2024-50608 affecting package fluent-bit for versions less than 3.0.6-2
An issue was discovered in Fluent Bit 3.1.9. When the Prometheus Remote Write input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user with access t...
CVE-2024-50608
Fluent Bit 3.1.9 is affected by CVE-2024-50608 (Prometheus Remote Write input) and CVE-2024-50609 (OpenTelemetry input). In both cases, sending a crafted HTTP request with Content-Length: 0 triggers a NULL pointer dereference in the server (via cfl_sds_len) and can cause remote DoS. Connected adv...
Fluent Bit security vulnerability
Fluent Bit is an open source log processing and analysis system written in C by Fluent Open Source. A security vulnerability exists in Fluent Bit version 3.1.9, which stems from the presence of a null pointer reference in the Prometheus plugin that can lead to a remote denial of service...
PT-2025-6702 · Unknown +1 · Fluent-Bit +1
Name of the Vulnerable Software and Affected Versions: Fluent Bit version 3.1.9 Description: An issue was discovered in Fluent Bit when the Prometheus Remote Write input plugin is running and listening on an IP address and port. One can send a packet with Content-Length: 0 and it crashes the...
SUSE SLES15 / openSUSE 15 : Security update golang-github-prometheus-prometheus (SUSE-SU-2025:0546-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0546-1 advisory. golang-github-prometheus-prometheus was updated from version 2.45.6 to 2.53.3 jscPED-11649: - Security issues fixed: CVE-2024-51744: Updat...
Security update golang-github-prometheus-prometheus
golang-github-prometheus-prometheus was updated from version 2.45.6 to 2.53.3 jscPED-11649: Security issues fixed: CVE-2024-51744: Updated golang-jwt to version 5.0 to fix bad error handling bsc1232970 Highlights of other changes: Performance: Significant enhancements to PromQL execution speed,...
Security update for SUSE Manager Client Tools
This update fixes the following issues: dracut-saltboot was updated to version 0.1.1728559936.c16d4fb: Added MAC based terminal naming option jscSUMA-314 golang-github-prometheus-prometheus was updated from version 2.45.6 to 2.53.3 jscPED-11649: Security issues fixed: CVE-2024-51744: Updated...
CVE-2025-22866 vulnerabilities
Vulnerabilities for packages: gostatsd, git-sync, smarter-device-manager, crossplane-provider-aws-kms, protoc-gen-go, cluster-proportional-autoscaler, crossplane-provider-aws-dynamodb, prometheus-blackbox-exporter, kbld, secrets-store-csi-driver-provider-aws, extism, aws-application-networking-k8...
GO-2025-3418 Envoy Admin Interface Exposed through prometheus metrics endpoint in github.com/envoyproxy/gateway
CVE-2024-45336 vulnerabilities
Vulnerabilities for packages: mockgen, bazelisk, skopeo, opentofu, kserve-rest-proxy, kubernetes-replicator-fips, kuberay-operator-fips, kubernetes-csi-livenessprobe, flux-fips, harbor-scanner-trivy-fips, prometheus-statsd-exporter-fips, ini-file, s5cmd, sftpgo, falcosidekick, thanos-operator,...
Argo CD security vulnerability
Argo CD is an Argo open source declarative GitOps continuous delivery tool for Kubernetes. A security vulnerability exists in Argo CD that stems from the fact that the openshift.io/cluster-monitoring tag is automatically applied to all namespaces where ArgoCD CR instances are deployed, allowing t...