Lucene search
K

148 matches found

OpenVAS
OpenVAS
added 2024/09/10 12:0 a.m.14 views

Fedora: Security Advisory (FEDORA-2023-0c6723004f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.6AI score0.05994EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/09/03 12:0 a.m.7 views

The vulnerability of the file /api/v1/alerts of the Prometheus monitoring system, which is used to process alerts from Alertmanager, allows a perpetrator to execute arbitrary code.

The vulnerability of the Prometheus monitoring system’s /api/v1/alerts file for processing alerts by Alertmanager is related to improper handling of input data during the generation of web pages. Exploiting this vulnerability could allow a perpetrator to execute arbitrary code...

5.5CVSS7.2AI score0.00568EPSS
Exploits0References7Affected Software5
Redos
Redos
added 2024/08/28 12:0 a.m.15 views

ROS-20240827-17

Vulnerability in the /api/v1/alerts file of the Prometheus monitoring system component for processing alerts Alertmanager is related to incorrect neutralization of input data during web page generation. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...

7.5CVSS7.7AI score0.00568EPSS
Exploits0
OSV
OSV
added 2024/08/21 2:17 p.m.29 views

GO-2023-2020 Alertmanager UI is vulnerable to stored XSS via the /api/v1/alerts endpoint in github.com/prometheus/alertmanager

Alertmanager UI is vulnerable to stored XSS via the /api/v1/alerts endpoint in github.com/prometheus/alertmanager...

7.5CVSS5.9AI score0.00568EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2024/08/01 12:0 a.m.17 views

Ubuntu: Security Advisory (USN-6935-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.1AI score0.00568EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2024/07/31 3:7 p.m.23 views

USN-6935-1: Prometheus Alertmanager vulnerability

It was discovered that prometheus-alertmanager didn't properly sanitize input it received through an API endpoint. An attacker with permission to send requests to this endpoint could potentially inject arbitrary code. On Ubuntu 20.04 LTS and Ubuntu 22.04 LTS, this vulnerability is only present if...

7.5CVSS7.3AI score0.00568EPSS
Exploits0
OSV
OSV
added 2024/07/31 3:7 p.m.4 views

USN-6935-1 prometheus-alertmanager vulnerability

It was discovered that prometheus-alertmanager didn't properly sanitize input it received through an API endpoint. An attacker with permission to send requests to this endpoint could potentially inject arbitrary code. On Ubuntu 20.04 LTS and Ubuntu 22.04 LTS, this vulnerability is only present if...

7.5CVSS7.3AI score0.00568EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/07/31 12:0 a.m.21 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Prometheus Alertmanager vulnerability (USN-6935-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6935-1 advisory. It was discovered that prometheus-alertmanager didn't properly sanitize input it received through an API endpoint. An attacker with...

7.5CVSS7.4AI score0.00568EPSS
Exploits0References2
Wolfi
Wolfi
added 2024/07/05 7:42 p.m.12 views

GHSA-MH55-GQVF-XFWM vulnerabilities

Vulnerabilities for packages: rekor, timestamp-authority, grafana-mimir, datadog-agent, prometheus-alertmanager, cortex, fulcio...

6.1AI score
Exploits0
OSV
OSV
added 2024/06/15 12:0 a.m.10 views

OPENSUSE-SU-2024:13599-1 golang-github-prometheus-alertmanager-0.26.0-4.1 on GA media

These are all security issues fixed in the golang-github-prometheus-alertmanager-0.26.0-4.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS6.5AI score0.00568EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2024/03/04 12:0 a.m.20 views

openSUSE Security Advisory (SUSE-SU-2024:0512-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.00568EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2024/03/04 12:0 a.m.15 views

openSUSE: Security Advisory for Golang Prometheus (SUSE-SU-2023:3888-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS7.1AI score0.01328EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/02/17 12:0 a.m.28 views

SUSE SLES15 / openSUSE 15 Security Update : golang-github-prometheus-alertmanager (SUSE-SU-2024:0512-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0512-1 advisory. golang-github-prometheus-alertmanager was updated from version 0.23.0 to 0.26.0 jscPED-7353: - Version 0.26.0: Security fixes: -...

7.5CVSS6.8AI score0.00568EPSS
Exploits0References4
OSV
OSV
added 2024/02/15 1:43 p.m.9 views

SUSE-SU-2024:0512-1 Security update for golang-github-prometheus-alertmanager

This update for golang-github-prometheus-alertmanager fixes the following issues: golang-github-prometheus-alertmanager was updated from version 0.23.0 to 0.26.0 jscPED-7353: - Version 0.26.0: Security fixes: + CVE-2023-40577: Fix stored XSS via the /api/v1/alerts endpoint in the Alertmanager UI...

7.5CVSS7.3AI score0.00568EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2024/01/17 2:46 a.m.3 views

SUSE CVE-2023-40577

Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in...

7.5CVSS9.6AI score0.00568EPSS
Exploits0References6
Hacker One
Hacker One
added 2023/12/20 2:25 a.m.25 views

IBM: Improper Authentication on Alertmanager instance

Improper authentication was configured on an alertmanager instance. The issue was reported to IBM, analyzed, and remediated...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.28 views

Fedora 39 : golang-github-prometheus-alertmanager (2023-0c6723004f)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-0c6723004f advisory. Automatic update for golang-github-prometheus-alertmanager-0.23.0-15.fc39. Changelog Sat Apr 29 2023 Srgio M. Basto - 0.23.0-15 - Include s390x, and disable...

7.5CVSS7AI score0.05994EPSS
Exploits0References2
Chainguard
Chainguard
added 2023/10/11 10:15 p.m.2958 views

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: kpt, prometheus-pushgateway-fips, slsa-verifier, nodetaint, node-problem-detector, atlantis-fips, kube-fluentd-operator, stakater-reloader, dex, prometheus-alertmanager, falcoctl-fips, weaviate, prometheus-postgres-exporter, src, coredns, dex-k8s-authenticator,...

7.5CVSS6.7AI score0.03796EPSS
Exploits0
Chainguard
Chainguard
added 2023/10/11 8:35 p.m.67 views

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: kpt, prometheus-pushgateway-fips, slsa-verifier, nodetaint, node-problem-detector, atlantis-fips, kube-fluentd-operator, stakater-reloader, dex, prometheus-alertmanager, falcoctl-fips, weaviate, prometheus-postgres-exporter, src, coredns, dex-k8s-authenticator,...

6.1AI score
Exploits0
OpenVAS
OpenVAS
added 2023/10/09 12:0 a.m.11 views

Debian: Security Advisory (DLA-3609-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS5.6AI score0.00568EPSS
Exploits0References4
Rows per page
Query Builder