
1410 matches found

OSV
added 2024/04/04 9:15 p.m. · 5 views

AZL-39678 CVE-2023-45288 affecting package prometheus for versions less than 2.45.4-4

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

CVSS 7.5 · AI score 6.8 · EPSS 0.64852
Exploits 1 · References 1

OSV
added 2024/04/04 9:15 p.m. · 2 views

AZL-38473 CVE-2023-45288 affecting package prometheus-node-exporter for versions less than 1.7.0-2

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

CVSS 7.5 · AI score 6.8 · EPSS 0.64852
Exploits 1 · References 1

OpenVAS
added 2024/04/03 12:0 a.m. · 21 views

Fedora: Security Advisory (FEDORA-2024-a8a4ce2864)

The remote host is missing an update for the...

CVSS 4.3 · AI score 5.9 · EPSS 0.04859
Exploits 0 · References 3

OpenVAS
added 2024/04/03 12:0 a.m. · 28 views

Fedora: Security Advisory for prometheus-podman-exporter (FEDORA-2024-45f0a1df95)

The remote host is missing an update for the...

CVSS 4.3 · AI score 4.9 · EPSS 0.04859
Exploits 0 · References 2

OpenVAS
added 2024/04/03 12:0 a.m. · 27 views

Fedora: Security Advisory (FEDORA-2024-9231308a4f)

The remote host is missing an update for the...

CVSS 4.3 · AI score 5.9 · EPSS 0.04859
Exploits 0 · References 3

Fedora
added 2024/03/31 1:54 a.m. · 30 views

[SECURITY] Fedora 38 Update: prometheus-podman-exporter-1.11.0-1.fc38

Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...

CVSS 4.3 · AI score 5.9 · EPSS 0.04859
Exploits 0

Fedora
added 2024/03/31 1:13 a.m. · 32 views

[SECURITY] Fedora 39 Update: prometheus-podman-exporter-1.11.0-1.fc39

Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...

CVSS 4.3 · AI score 5.9 · EPSS 0.04859
Exploits 0

Fedora
added 2024/03/31 12:18 a.m. · 28 views

[SECURITY] Fedora 40 Update: prometheus-podman-exporter-1.11.0-1.fc40

Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...

CVSS 4.3 · AI score 5.9 · EPSS 0.04859
Exploits 0

NVD
added 2024/03/29 3:15 p.m. · 9 views

CVE-2024-28867

Swift Prometheus is a Swift client for the Prometheus monitoring system, supporting counters, gauges and histograms. In code which applies un-sanitized string values into metric names or labels, an attacker could make use of this and send a ?lang query parameter containing newlines, or similar...

CVSS 7.4 · AI score 5.7 · EPSS 0.00499
Exploits 1 · References 2

Snyk
added 2024/03/29 2:41 p.m. · 1 view

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') due to the usage of un-sanitized string values into metric names or labels. An attacker could exploit this by sending a ?lang query paramet...

CVSS 7.4 · AI score 6.7 · EPSS 0.00499
Exploits 1 · References 2

Vulnrichment
added 2024/03/29 2:26 p.m. · 19 views

CVE-2024-28867 Swift Prometheus un-sanitized metric name or labels can be used to take over exported metrics

Swift Prometheus is a Swift client for the Prometheus monitoring system, supporting counters, gauges and histograms. In code which applies un-sanitized string values into metric names or labels, an attacker could make use of this and send a ?lang query parameter containing newlines, or similar...

CVSS 5.9 · AI score 6.6 · EPSS 0.00499
Exploits 1 · References 2

CVE
added 2024/03/29 2:26 p.m. · 82 views

CVE-2024-28867

Summary (CVE-2024-28867): Swift Prometheus contains a vulnerability where unsanitized string values used in metric names or labels can be crafted via a ?lang query parameter to inject special characters, potentially leading to unbounded metric growth and memory usage. The issue is described acros...

CVSS 7.4 · AI score 5.6 · EPSS 0.00499
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2024/03/29 2:26 p.m. · 17 views

CVE-2024-28867 Swift Prometheus un-sanitized metric name or labels can be used to take over exported metrics

Swift Prometheus is a Swift client for the Prometheus monitoring system, supporting counters, gauges and histograms. In code which applies un-sanitized string values into metric names or labels, an attacker could make use of this and send a ?lang query parameter containing newlines, or similar...

CVSS 5.9 · AI score 5.8 · EPSS 0.00499
Exploits 1 · References 2

OSV
added 2024/03/29 2:26 p.m. · 26 views

CVE-2024-28867 Swift Prometheus un-sanitized metric name or labels can be used to take over exported metrics

Swift Prometheus is a Swift client for the Prometheus monitoring system, supporting counters, gauges and histograms. In code which applies un-sanitized string values into metric names or labels, an attacker could make use of this and send a ?lang query parameter containing newlines, or similar...

CVSS 5.9 · AI score 6.6 · EPSS 0.00499
Exploits 1 · References 4

CNNVD
added 2024/03/29 12:0 a.m. · 1 view

Prometheus security vulnerability

Prometheus is open source software written in the Go language for recording real-time metrics from time series databases built using the HTTP pull model. A security vulnerability exists in versions prior to Swift Prometheus 2.0.0-alpha.2 that stems from applying uncleaned string values to the cod...

CVSS 7.4 · AI score 6.7 · EPSS 0.00499
Exploits 1 · References 3

Positive Technologies
added 2024/03/29 12:0 a.m. · 1 view

PT-2024-22616 · Unknown · Swift Prometheus

Name of the Vulnerable Software and Affected Versions: Swift Prometheus versions prior to 2.0.0-alpha.2 Description: The issue arises when un-sanitized string values are applied into metric names or labels, allowing an attacker to send a ?lang query parameter with newlines, or similar characters...

CVSS 5.9 · AI score 6.8 · EPSS 0.00499
Exploits 1 · References 8

Chainguard
added 2024/03/20 9:15 p.m. · 44 views

CVE-2024-29018 vulnerabilities

Vulnerabilities for packages: conftest, cadvisor, dagger, spire-server-fips, kubescape, kargo, grype, buf, aactl, syft, crossplane, cilium-cli, wolfictl, kaniko, melange, datadog-agent, spire-server, ctop, up, conftest-fips, prometheus, datadog-agent-fips, loki, trivy, tkn, cadvisor-fips,...

CVSS 7.5 · AI score 6.4 · EPSS 0.00357
Exploits 0

Chainguard
added 2024/03/20 5:59 p.m. · 20 views

GHSA-MQ39-4GV4-MVPX vulnerabilities

Vulnerabilities for packages: conftest, cadvisor, dagger, spire-server-fips, kubescape, kargo, grype, buf, aactl, syft, crossplane, cilium-cli, wolfictl, kaniko, melange, datadog-agent, spire-server, ctop, up, conftest-fips, prometheus, datadog-agent-fips, loki, trivy, tkn, cadvisor-fips,...

AI score 5.4
Exploits 0

CBLMariner
added 2024/03/19 5:21 p.m. · 30 views

CVE-2023-44487 affecting package prometheus-adapter for versions less than 0.10.0-2

CVE-2023-44487 affecting package prometheus-adapter for versions less than 0.10.0-2. A patched version of the package is available...

CVSS 7.5 · AI score 8.2 · EPSS 0.94395
Exploits 19

OpenVAS
added 2024/03/08 12:0 a.m. · 15 views

Fedora: Security Advisory for prometheus-simpleclient-java (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the...

CVSS 8.8 · AI score 9.2 · EPSS 0.45835
Exploits 3 · References 2