BIT-GITLAB-2021-22166
An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method...
BIT-GITLAB-2021-22178
An issue has been discovered in GitLab affecting all versions starting from 13.2. GitLab was vulnerable to an SSRF attack through the Prometheus integration...
BIT-GITLAB-2022-3613
An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A crafted Prometheus Server query can cause high resource consumption and may lead to Denial of Service...
BIT-GITLAB-2022-4289
An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in the Prometheus integration were not hidden and could be leaked from instance, group, or project settings to other users...
BIT-GITLAB-2023-1733
A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1...
BIT-RABBITMQ-2021-32718 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in RabbitMQ management UI
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via the management UI could lead to the user's name being rendered in a confirmation message without proper tag sanitization, potentially allowing for JavaScript code execution in the...
BIT-PROMETHEUS-2021-29622 Arbitrary redirects under /new endpoint
Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the new UI. To ensure a seamless transition, URLs prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft a URL that can redirec...
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: falcoctl-fips, helm-operator, rqlite, falcosidekick-fips, terraform-provider-aws, crossplane-provider-azure-managedidentity, cloudflared, kubescape, flannel, kube-state-metrics, external-dns-fips, trillian-fips, up, spire-server, k8ssandra-operator-fips,...
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: nri-discovery-kubernetes, hugo, certificate-transparency, smarter-device-manager, kubernetes-dashboard-metrics-scraper, mc, crossplane-provider-aws-route53, crossplane-provider-aws-kms, vault-k8s, cluster-proportional-autoscaler, external-secrets-operator,...
AZL-35594 CVE-2024-24786 affecting package prometheus-adapter for versions less than 0.10.0-12
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: rabbitmq-cluster-operator, falcoctl-fips, prometheus-redis-exporter, helm-operator, wire-go, s5cmd, terraform-docs, eksctl, aws-load-balancer-controller, newrelic-fluent-bit-output, delve, rqlite, cert-exporter, trillian, cloud-sql-proxy-fips,...
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: rabbitmq-cluster-operator, falcoctl-fips, prometheus-redis-exporter, helm-operator, wire-go, s5cmd, terraform-docs, eksctl, aws-load-balancer-controller, newrelic-fluent-bit-output, delve, rqlite, cert-exporter, trillian, cloud-sql-proxy-fips,...
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: nri-discovery-kubernetes, gops, smarter-device-manager, kubernetes-dashboard-metrics-scraper, vault-k8s, direnv, cluster-proportional-autoscaler, kyverno-policy-reporter-kyverno-plugin, dynamic-localpv-provisioner, esbuild, prometheus-blackbox-exporter, nri-mongodb,...
AZL-35671 CVE-2024-24786 affecting package prometheus-adapter for versions less than 0.12.0-1
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: rabbitmq-cluster-operator, falcoctl-fips, prometheus-redis-exporter, helm-operator, wire-go, s5cmd, terraform-docs, eksctl, aws-load-balancer-controller, newrelic-fluent-bit-output, delve, rqlite, cert-exporter, trillian, cloud-sql-proxy-fips,...
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: falcoctl-fips, helm-operator, rqlite, falcosidekick-fips, terraform-provider-aws, crossplane-provider-azure-managedidentity, cloudflared, kubescape, flannel, kube-state-metrics, external-dns-fips, trillian-fips, up, spire-server, k8ssandra-operator-fips,...
AZL-35593 CVE-2024-24786 affecting package prometheus for versions less than 2.37.9-1
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
AZL-35670 CVE-2024-24786 affecting package prometheus for versions less than 2.45.4-6
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: nri-discovery-kubernetes, gops, smarter-device-manager, kubernetes-dashboard-metrics-scraper, vault-k8s, direnv, cluster-proportional-autoscaler, kyverno-policy-reporter-kyverno-plugin, dynamic-localpv-provisioner, esbuild, prometheus-blackbox-exporter, nri-mongodb,...
openSUSE Security Advisory (SUSE-SU-2024:0512-1)
The remote host is missing an update for the ... Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders...