[SECURITY] Fedora 43 Update: rust-prometheus-0.14.0-1.fc43
Prometheus instrumentation library for Rust applications...
[SECURITY] Fedora 41 Update: rust-prometheus-0.14.0-1.fc41
Prometheus instrumentation library for Rust applications...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : golang-github-prometheus-node_exporter (SUSE-SU-2022:3745-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:3745-1 advisory. bsc1196338, jscSLE-24238, jscSLE-24239, jscSUMA-114, CVE-2022-21698 Tenable has extracted the preceding...
Uncontrolled Resource Consumption in promhttp
This is the Go client library for Prometheus. It has two separate parts, one for instrumenting application code, and one for creating clients that talk to the Prometheus HTTP API. client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_gola...
AZL-33637 CVE-2022-21698 affecting package prometheus-process-exporter for versions less than 0.7.10-18
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...
CVE-2022-21698 Uncontrolled Resource Consumption in promhttp
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...
CVE-2022-21698
CVE-2022-21698 affects the Prometheus Go client_golang promhttp instrumentation (prior to v1.11.1). The issue allows HTTP server DoS/memory exhaustion when processing non-standard HTTP methods via promhttp.InstrumentHandler* (except RequestsInFlight). A patch exists in v1.11.1; remediation is to ...
drAFL - AFL + DynamoRIO = Fuzzing Binaries With No Source Code On Linux
Original AFL supports black-box coverage-guided fuzzing using QEMU mode. I highly recommend trying it first, and if it doesn't work you can try this tool. Usage: You need to specify DRRUN_PATH to point to drrun launcher and LIBCOV_PATH to point to libbinafl.so coverage library. You also need to switc...