Lucene search
+L

18 matches found

astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in golang-github-prometheus-client-golang

clientgolang is the instrumentation library for Go applications in Prometheus. The promhttp package within clientgolang provides tools for working with HTTP servers and clients. Prior to version 1.11.1 of clientgolang, HTTP servers were vulnerable to Denial of Service attacks due to unbounded...

7.5CVSS7.1AI score0.05994EPSS
Exploits0References1
nessus
nessus
added 2026/05/04 12:0 a.m.5 views

RHCOS 3 : OpenShift Container Platform 3.11.705 (RHSA-2022:2280)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:2280 advisory. - prometheus/clientgolang: Denial of service using InstrumentHandlerCounter CVE-2022-21698 - credentials: Stored XSS vulnerabilities...

7.5CVSS6.9AI score0.7855EPSS
Exploits0References9
ossf
ossf
added 2025/12/23 8:41 a.m.10 views

Malicious code in prometheus_client_ruby (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
osv
osv
added 2025/12/23 8:41 a.m.5 views

MAL-2025-192912 Malicious code in prometheus_client_ruby (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

6.8AI score
Exploits0
nessus
nessus
added 2025/10/10 12:0 a.m.2 views

FreeBSD : Mailpit -- Performance information disclosure (0b5145e9-a500-11f0-a136-10ffe07f9334)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0b5145e9-a500-11f0-a136-10ffe07f9334 advisory. Ralph Slooten Mailpit developer reports: An HTTP endpoint was found which exposed expvar runtime...

5.6AI score
Exploits0References2
freebsd
freebsd
added 2025/10/09 12:0 a.m.14 views

Mailpit -- Performance information disclosure

Ralph Slooten Mailpit developer reports: An HTTP endpoint was found which exposed expvar runtime information memory usage, goroutine counts, GC behavior, uptime and potential runtime flags due to the Prometheus client library dependency...

6.8AI score
Exploits0References1
suse
suse
added 2024/11/18 1:23 p.m.4 views

Security update for SUSE Manager Client Tools

This update fixes the following issues: golang-github-lusitaniae-apacheexporter: Security issues fixed: CVE-2023-3978: Fixed security bug in x/net dependency bsc1213933 Other changes and issues fixed: Delete unpackaged debug files for RHEL Do not include source files in the package for RHEL 9...

5.4CVSS6.9AI score0.00843EPSS
Exploits0References44
nessus
nessus
added 2024/11/14 12:0 a.m.14 views

Fedora 37 : golang-github-prometheus-client (2022-d8881cf797)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-d8881cf797 advisory. Automatic update for golang-github-prometheus-client-1.12.2-1.fc37. Changelog Wed Jun 22 2022 Maxwell G 1.12.2-1 - Update to 1.12.1 Close: rhbz2042592...

7.5CVSS7AI score0.05994EPSS
Exploits0References2
nessus
nessus
added 2024/05/11 12:0 a.m.29 views

RHEL 7 : prometheus_client_golang (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - prometheus/clientgolang: Denial of service using InstrumentHandlerCounter CVE-2022-21698 Note that Nessus has not...

7.3AI score0.05994EPSS
Exploits0References1
redhat
redhat
added 2022/08/15 9:45 a.m.11 views

prometheus/client_golang: Denial of service using InstrumentHandlerCounter

A denial of service attack was found in prometheus/clientgolang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability...

7.5CVSS6.8AI score0.05994EPSS
Exploits0References5
redhat
redhat
added 2022/08/10 11:39 a.m.88 views

Important: Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.24.0

Release of OpenShift Serverless Client kn 1.24.0 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

9.3CVSS7AI score0.0995EPSS
Exploits6References22
redhat
redhat
added 2022/08/10 10:13 a.m.3 views

prometheus/client_golang: Denial of service using InstrumentHandlerCounter

A denial of service attack was found in prometheus/clientgolang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability...

7.5CVSS6.8AI score0.05994EPSS
Exploits0References5
fedora
fedora
added 2022/07/04 1:35 a.m.25 views

[SECURITY] Fedora 36 Update: golang-github-prometheus-prom2json-1.3.0-8.20210811git90766c0.fc36

A tool to scrape a Prometheus client and dump the result as JSON...

9.3CVSS8.1AI score0.0995EPSS
Exploits4
openvas
openvas
added 2022/07/02 12:0 a.m.30 views

Fedora: Security Advisory for golang-github-prometheus-client (FEDORA-2022-92ef43c439)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS10AI score0.05994EPSS
Exploits0References2
openvas
openvas
added 2022/05/19 12:0 a.m.20 views

Mageia: Security Advisory (MGASA-2022-0180)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS10AI score0.05994EPSS
Exploits0References6
redhat
redhat
added 2022/05/18 3:57 p.m.3 views

prometheus/client_golang: Denial of service using InstrumentHandlerCounter

A denial of service attack was found in prometheus/clientgolang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability...

7.5CVSS6.8AI score0.05994EPSS
Exploits0References5
osv
osv
added 2022/02/15 4:15 p.m.7 views

AZL-34835 CVE-2022-21698 affecting package keda for versions less than 2.14.0-1

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

7.5CVSS6.7AI score0.05994EPSS
Exploits0References1
osv
osv
added 2022/02/15 4:15 p.m.11 views

AZL-35012 CVE-2022-21698 affecting package multus for versions less than 4.0.2-1

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

7.5CVSS6.7AI score0.05994EPSS
Exploits0References1
Rows per page
Query Builder