11 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-44903
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enable...
PT-2026-32579
Name of the Vulnerable Software and Affected Versions Prometheus versions 3.0 through 3.5.1 Prometheus versions 3.6.0 through 3.11.1 Description Stored cross-site scripting exists in multiple components of the Prometheus web UI, specifically within the Mantine UI and the old React UI. The issue...
MiracleLinux 8 : container-tools:3.0 (AXSA:2022-4431:02)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4431:02 advisory. golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 cri-o: memory exhaustion on the node when access to the kube api...
EUVD-2024-1036
Malicious code in bioql PyPI...
CVE-2024-28867
Swift Prometheus is a Swift client for the Prometheus monitoring system, supporting counters, gauges and histograms. In code which applies un-sanitized string values into metric names or labels, an attacker could make use of this and send a ?lang query parameter containing newlines, or similar...
Prometheus 安全漏洞
Prometheus is open source software written in the Go language for recording real-time metrics from time series databases built using the HTTP pull model. An unspecified vulnerability exists in Prometheus Exporter Toolkit versions 0.7.2 and prior to 0.8.2, which can be exploited by an attacker to...
AZL-33629 CVE-2022-29526 affecting package prometheus for versions less than 2.37.0-1
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...
UBUNTU-CVE-2019-3826
A stored, DOM based, cross-site scripting XSS flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts...
CVE-2002-1211
Prometheus 6.0 and earlier allows remote attackers to execute arbitrary PHP code via a modified PROMETHEUSLIBRARYBASE that points to code stored on a remote server, which is then used in 1 index.php, 2 install.php, or 3 various test.php scripts...
Jason Orcutt Prometheus 3.04.06.0 - Remote File Inclusion
Jason Orcutt Prometheus 3.04.06.0 - Remote File Inclusion source: https://www.securityfocus.com/bid/6087/info Prometheus is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. This issue is present in several PHP script files provided with...
Jason Orcutt Prometheus 3.0/4.0/6.0 - Remote File Inclusion
source: https://www.securityfocus.com/bid/6087/info Prometheus is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. This issue is present in several PHP script files provided with Prometheus. An attacker may exploit this by supplying a path t...