CVE-2024-34155 vulnerabilities

Vulnerabilities for packages: buildah, prometheus-nats-exporter, crossplane-provider-gcp, kube-vip-fips, amass, gosu, kyverno-fips, k9s, nri-discovery-kubernetes, nats, gh, k8s-device-plugin, hugo-extended, pulumi, kube-bench, kwok, k8sgpt, mods, boring-registry, azcopy-fips,...

CVE-2022-32149 affecting package prometheus-adapter for versions less than 0.10.0-14

CVE-2022-32149 affecting package prometheus-adapter for versions less than 0.10.0-14. A patched version of the package is available...

CVE-2024-6104 affecting package prometheus for versions less than 2.37.0-14

CVE-2024-6104 affecting package prometheus for versions less than 2.37.0-14. A patched version of the package is available...

ROS-20240827-17

Vulnerability in the /api/v1/alerts file of the Prometheus monitoring system component for processing alerts Alertmanager is related to incorrect neutralization of input data during web page generation. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...

GO-2023-2020 Alertmanager UI is vulnerable to stored XSS via the /api/v1/alerts endpoint in github.com/prometheus/alertmanager

Alertmanager UI is vulnerable to stored XSS via the /api/v1/alerts endpoint in github.com/prometheus/alertmanager...

Grafana 安全漏洞

Grafana is a set of open source monitoring tools from Grafana open source that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. A security vulnerability exists in Grafana that stems from the fact that if a...

CVE-2024-6104 affecting package prometheus for versions less than 2.45.4-3

CVE-2024-6104 affecting package prometheus for versions less than 2.45.4-3. A patched version of the package is available...

Virtuozzo Hybrid Infrastructure 5.4 Update 4 Hotfix 8 (5.4.4-157)

This update provides stability and performance improvements. Vulnerability id: VSTOR-76224 A stability fix for the Backup Gateway service. Vulnerability id: VSTOR-81226 Improved the size calculation of erasure coding files. Vulnerability id: VSTOR-88511 Decreased the memory consumption by...

ROS-20240806-13

Vulnerability in the implementation of the bcrypt hashing algorithm of the Prometheus system file export library Exporter Toolkit is related to authentication bypass during web.yml file processing. Exploitation of the vulnerability could allow an attacker to bypass security restrictions and gain...

OPENSUSE-SU-2024:14232-1 golang-github-prometheus-prometheus-2.53.0-3.1 on GA media

These are all security issues fixed in the golang-github-prometheus-prometheus-2.53.0-3.1 package on the GA media of openSUSE Tumbleweed...

Ubuntu: Security Advisory (USN-6935-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6935-1 prometheus-alertmanager vulnerability

It was discovered that prometheus-alertmanager didn't properly sanitize input it received through an API endpoint. An attacker with permission to send requests to this endpoint could potentially inject arbitrary code. On Ubuntu 20.04 LTS and Ubuntu 22.04 LTS, this vulnerability is only present if...

USN-6935-1: Prometheus Alertmanager vulnerability

It was discovered that prometheus-alertmanager didn't properly sanitize input it received through an API endpoint. An attacker with permission to send requests to this endpoint could potentially inject arbitrary code. On Ubuntu 20.04 LTS and Ubuntu 22.04 LTS, this vulnerability is only present if...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Prometheus Alertmanager vulnerability (USN-6935-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6935-1 advisory. It was discovered that prometheus-alertmanager didn't properly sanitize input it received through an API endpoint. An attacker with...

CVE-2023-45288 affecting package prometheus-adapter for versions less than 0.12.0-1

CVE-2023-45288 affecting package prometheus-adapter for versions less than 0.12.0-1. An upgraded version of the package is available that resolves this issue...

CVE-2021-44716 affecting package prometheus-process-exporter for versions less than 0.8.2-1

CVE-2021-44716 affecting package prometheus-process-exporter for versions less than 0.8.2-1. An upgraded version of the package is available that resolves this issue...

CVE-2022-21698 affecting package prometheus-process-exporter for versions less than 0.8.2-1

CVE-2022-21698 affecting package prometheus-process-exporter for versions less than 0.8.2-1. An upgraded version of the package is available that resolves this issue...

CVE-2023-3978 affecting package prometheus-adapter for versions less than 0.12.0-1

CVE-2023-3978 affecting package prometheus-adapter for versions less than 0.12.0-1. An upgraded version of the package is available that resolves this issue...

CVE-2024-24786 affecting package prometheus-adapter for versions less than 0.12.0-1

CVE-2024-24786 affecting package prometheus-adapter for versions less than 0.12.0-1. An upgraded version of the package is available that resolves this issue...

CVE-2023-45142 affecting package prometheus-adapter for versions less than 0.12.0-1

CVE-2023-45142 affecting package prometheus-adapter for versions less than 0.12.0-1. An upgraded version of the package is available that resolves this issue...