GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: gke-gcloud-auth-plugin, metrics-server, prometheus-adapter-fips, kube-oidc-proxy, timoni, kots, kubeflow-fips, terraform-provider-sendgrid-fips, nri-prometheus, trillian, node-problem-detector, oauth2-proxy, dex, sigstore-scaffolding, cosign, weaviate,...

Metasploit Weekly Wrap-Up

Flask Cookies This week includes two modules related to Flask cookie signatures. One is specific to Apache Superset where session cookies can be resigned, allowing an attacker to elevate their privileges and dump the database connection strings. While adding this functionality, community member...

Prometheus Node Exporter And Windows Exporter Information Gather

This modules connects to a Prometheus Node Exporter or Windows Exporter service and gathers information about the host. Tested against Docker image 1.6.1, Linux 1.6.1, and Windows 0.23.1 Module Options msf use auxiliary/gather/prometheusnodeexportergather msf auxiliaryprometheusnodeexportergather...

SUSE: Security Advisory (SUSE-SU-2023:2183-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for golang-github-prometheus-node-exporter (FEDORA-2022-37aef44d1e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for golang-github-prometheus-node-exporter (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for golang-github-prometheus-node-exporter (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE-SU-2022:2137-1 Security update for golang-github-prometheus-node_exporter

This update for golang-github-prometheus-nodeexporter fixes the following issues: - CVE-2022-21698: Update vendor tarball with prometheus/clientgolang 1.11.1 bsc1196338, jscSLE-24238, jscSLE-24239 - Update to 1.3.0 CHANGE Add path label to rapl collector 2146 CHANGE Exclude filesystems under...

Fedora: Security Advisory for golang-github-prometheus-node-exporter (FEDORA-2022-08ae2dd481)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE-SU-2022:1531-1 Security Beta update for SUSE Manager Client Tools

This update fixes the following issues: golang-github-prometheus-alertmanager: - CVE-2022-21698: Update vendor tarball with prometheus/clientgolang 1.11.1 bsc1196338, jscSLE-24077 - Update to version 0.23.0: amtool: Detect version drift and warn users 2672 Add ability to skip TLS verification for...

Fedora: Security Advisory for golang-github-prometheus-node-exporter (FEDORA-2022-5cbd6de569)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

AZL-33634 CVE-2022-21698 affecting package prometheus-node-exporter for versions less than 1.3.1-23

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

AZL-33635 CVE-2021-44716 affecting package prometheus-node-exporter for versions less than 1.3.1-24

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

SUSE-SU-2021:2098-1 Security update for SUSE Manager Server 4.1

This update fixes the following issues: cobbler: - Make fenceipmitool a wrapper for fenceipmilan using always lanplus. bsc1184361 - Remove unused template for fenceipmitool. - Prevent some race conditions when writting tftpboot files and the destination directory is not existing. bsc1186124 - Fix...

SUSE-SU-2020:2832-1 Security update for SUSE Manager Server 4.1

This update fixes the following issues: golang-github-QubitProducts-exporterexporter: - Pin Golang version to 1.14 golang-github-prometheus-nodeexporter: - Update to 1.0.1 Changes to build specification + Modify spec: update golang version to 1.14 + Remove update tarball script + Add service file...