Fedora 39 : prometheus-podman-exporter (2023-b75ee820ce)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-b75ee820ce advisory. Release v1.5.0 + security fix for CVE-2023-39325. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
GHSA-HQ6Q-C2X6-HMCH vulnerabilities
Vulnerabilities for packages: nodetaint, aws-ebs-csi-driver, cluster-autoscaler-fips, aws-efs-csi-driver-fips, aws-efs-csi-driver, spark-operator, prometheus-adapter, kubernetes-dns-node-cache, ip-masq-agent...
GHSA-HQ6Q-C2X6-HMCH vulnerabilities
Vulnerabilities for packages: prometheus-adapter, nodetaint, spark-operator, aws-efs-csi-driver, ip-masq-agent, kubernetes-dns-node-cache...
CVE-2023-5528 vulnerabilities
Vulnerabilities for packages: prometheus-adapter, nodetaint, spark-operator, aws-efs-csi-driver, ip-masq-agent, kubernetes-dns-node-cache...
CVE-2023-5528 vulnerabilities
Vulnerabilities for packages: nodetaint, aws-ebs-csi-driver, cluster-autoscaler-fips, aws-efs-csi-driver-fips, aws-efs-csi-driver, spark-operator, prometheus-adapter, kubernetes-dns-node-cache, ip-masq-agent...
CVE-2023-6001
Prometheus metrics are available without authentication. These expose detailed and sensitive information about the YugabyteDB Anywhere environment...
CVE-2023-6001 Prometheus Metrics Accessible Pre-Authentication
Prometheus metrics are available without authentication. These expose detailed and sensitive information about the YugabyteDB Anywhere environment...
Rocky Linux 8 : prometheus-jmx-exporter (RLSA-2020:4807)
The remote Rocky Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2020:4807 advisory. - The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564. (CVE-2017-18640) Note that Nessus h...
Fedora 39 : golang-github-prometheus-alertmanager (2023-0c6723004f)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-0c6723004f advisory. Automatic update for golang-github-prometheus-alertmanager-0.23.0-15.fc39. Changelog: Sat Apr 29 2023 Sérgio M. Basto - 0.23.0-15 - Include s390x, and disable...
Fedora 39 : golang-github-prometheus-exporter-toolkit / etc (2023-cf176d02d8)
The remote Fedora 39 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-cf176d02d8 advisory. Security fix for CVE-2022-46146, update to v0.10.0. Tenable has extracted the preceding description block directly from the Fedora security advisory...
PT-2023-32468 · Yugabyte · Yugabytedb Anywhere
Name of the Vulnerable Software and Affected Versions: YugabyteDB Anywhere (affected versions not specified). Description: The issue concerns Prometheus metrics being available without authentication, exposing detailed and sensitive information about the YugabyteDB Anywhere environment...
CVE-2023-38994
The 'check_univention_joinstatus' prometheus monitoring script and other scripts in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access to gain higher privileges and perform followup attacks. By default, the configuratio...
Default configuration
The 'check_univention_joinstatus' prometheus monitoring script and other scripts in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access to gain higher privileges and perform followup attacks. By default, the configuratio...
PT-2023-7018 · Univention · Univention Corporate Server
Name of the Vulnerable Software and Affected Versions: Univention Corporate Server (UCS) versions 5.0-5. Description: The issue is related to the check_univention_joinstatus prometheus monitoring script, which reveals the LDAP plaintext password of the machine account in the process list. This allow...
GHSA-JQ35-85CJ-FJ4P vulnerabilities
Vulnerabilities for packages: falcoctl-fips, kpt, skaffold, slsa-verifier, tekton-chains, spire-server-fips, kubescape, aactl, k3d, k3s, rancher-agent, up, ctop, bom, cert-manager, paranoia, scorecard, chartmuseum, falco...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: prometheus-blackbox-exporter, src, ipfs, scorecard, buildkitd, falco, slsa-verifier, aactl, kubevela, k3d, spark-operator, kubeflow, cortex, kubescape, terraform-provider-sendgrid, up, dgraph...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: falcoctl-fips, slsa-verifier, cluster-autoscaler-fips, dgraph, timestamp-authority-fips, volume-modifier-for-k8s-fips, prometheus-stackdriver-exporter, kubescape, kiam, aactl, aws-efs-csi-driver-fips, smarter-device-manager-fips, k3d, terraform-provider-sendgrid,...