CVE-2024-24786 affecting package prometheus-adapter for versions less than 0.12.0-1

CVE-2024-24786 affecting package prometheus-adapter for versions less than 0.12.0-1. An upgraded version of the package is available that resolves this issue...

CVE-2023-45142 affecting package prometheus-adapter for versions less than 0.12.0-1

CVE-2023-45142 affecting package prometheus-adapter for versions less than 0.12.0-1. An upgraded version of the package is available that resolves this issue...

CVE-2023-39325 affecting package prometheus-adapter for versions less than 0.12.0-1

CVE-2023-39325 affecting package prometheus-adapter for versions less than 0.12.0-1. An upgraded version of the package is available that resolves this issue...

CVE-2022-46146 affecting package prometheus-process-exporter for versions less than 0.8.2-1

CVE-2022-46146 affecting package prometheus-process-exporter for versions less than 0.8.2-1. An upgraded version of the package is available that resolves this issue...

GHSA-MH55-GQVF-XFWM vulnerabilities

Vulnerabilities for packages: fulcio, ipfs, grafana-mimir, datadog-agent, timestamp-authority, rekor, cortex, prometheus-alertmanager...

OPENSUSE-SU-2024:14092-1 golang-github-prometheus-prometheus-2.53.0-2.1 on GA media

These are all security issues fixed in the golang-github-prometheus-prometheus-2.53.0-2.1 package on the GA media of openSUSE Tumbleweed...

CBL Mariner 2.0 Security Update: cri-tools / docker-buildx / kubernetes / opa / prometheus (CVE-2023-45142)

The version of cri-tools / docker-buildx / kubernetes / opa / prometheus installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45142 advisory. - OpenTelemetry-Go Contrib is a collection of third-party...

CVE-2024-24791 vulnerabilities

Vulnerabilities for packages: step-fips, falcoctl-fips, wire-go, helm-operator, nvidia-container-toolkit, velero-plugin-for-csi, kyverno-fips, request-1279-14, cloudnative-pg, falcosidekick-fips, terraform-provider-aws, cloudflared, harbor, flannel, kube-state-metrics, external-dns-fips,...

GHSA-V6V8-XJ6M-XWQH vulnerabilities

Vulnerabilities for packages: falcoctl-fips, kyverno-fips, rabbitmq-messaging-topology-operator, crossplane-provider-azure-managedidentity, argo-cd, kubescape, flux-notification-controller, aactl, src-fingerprint, external-dns-fips, opentofu, spire-server, argo-cd-fips, grafana-11.0,...

CVE-2024-6104 vulnerabilities

Vulnerabilities for packages: falcoctl-fips, kyverno-fips, rabbitmq-messaging-topology-operator, crossplane-provider-azure-managedidentity, argo-cd, kubescape, flux-notification-controller, aactl, src-fingerprint, external-dns-fips, opentofu, spire-server, argo-cd-fips, grafana-11.0,...

AZL-42928 CVE-2024-6104 affecting package prometheus for versions less than 2.37.0-14

go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...

AZL-42898 CVE-2024-6104 affecting package prometheus for versions less than 2.45.4-3

go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...

Security Bulletin: IBM DataPower Gateway is vulnerable to denial of service due to Golang Go

Summary IBM DataPower Gateway is vulnerable to denial of service due to use of Golang Go in DataPower Operator and Prometheus Metrics . CVE-2024-24783 Vulnerability Details CVEID:CVE-2024-24783 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in the crypto/x509 packag...

OPENSUSE-SU-2024:12637-1 golang-github-prometheus-node_exporter-1.5.0-1.1 on GA media

These are all security issues fixed in the golang-github-prometheus-nodeexporter-1.5.0-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:12904-1 prometheus-blackbox_exporter-0.19.0-13.1 on GA media

These are all security issues fixed in the prometheus-blackboxexporter-0.19.0-13.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:12650-1 golang-github-prometheus-prometheus-2.41.0-1.1 on GA media

These are all security issues fixed in the golang-github-prometheus-prometheus-2.41.0-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:12872-1 prometheus-postgres_exporter-0.10.1-2.1 on GA media

These are all security issues fixed in the prometheus-postgresexporter-0.10.1-2.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:12691-1 prometheus-ha_cluster_exporter-1.3.1+git.1676027782.ad3c0e9-2.1 on GA media

These are all security issues fixed in the prometheus-haclusterexporter-1.3.1+git.1676027782.ad3c0e9-2.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:13599-1 golang-github-prometheus-alertmanager-0.26.0-4.1 on GA media

These are all security issues fixed in the golang-github-prometheus-alertmanager-0.26.0-4.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:10814-1 golang-github-prometheus-prometheus-2.27.1-4.2 on GA media

These are all security issues fixed in the golang-github-prometheus-prometheus-2.27.1-4.2 package on the GA media of openSUSE Tumbleweed...