Lucene search
+L

30 matches found

nessus
nessus
added 2024/01/30 12:0 a.m.35 views

RHEL 8 : container-tools:3.0 (RHSA-2024:0564)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0564 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes:...

7.8CVSS7.3AI score0.05994EPSS
Exploits0References8
mscve
mscve
added 2023/11/08 8:0 a.m.5 views

Uncontrolled Resource Consumption in promhttp

...

7.5CVSS7.6AI score0.05994EPSS
Exploits0
susecve
susecve
added 2023/02/15 3:29 a.m.4 views

SUSE CVE-2022-21698

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

7.5CVSS8.2AI score0.05994EPSS
Exploits0References38
nessus
nessus
added 2023/01/20 12:0 a.m.40 views

openSUSE 15 Security Update : golang-github-prometheus-alertmanager (SUSE-SU-2022:2139-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2022:2139-1 advisory. - clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP server...

7.5CVSS7AI score0.05994EPSS
Exploits0References5
nessus
nessus
added 2022/12/22 12:0 a.m.43 views

Fedora 35 : golang-github-distribution-3 (2022-739c7a0058)

The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-739c7a0058 advisory. Update to 3.0.0 pre1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not test...

7.5CVSS7.2AI score0.05994EPSS
Exploits0References2
nessus
nessus
added 2022/10/27 12:0 a.m.45 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : golang-github-prometheus-node_exporter (SUSE-SU-2022:3745-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:3745-1 advisory. bsc1196338, jscSLE-24238, jscSLE-24239, jscSUMA-114, CVE-2022-21698 Tenable has extracted the preceding...

7.5CVSS6.8AI score0.05994EPSS
Exploits0References4
osv
osv
added 2022/07/15 11:29 p.m.44 views

GO-2022-0322 Uncontrolled resource consumption in github.com/prometheus/client_golang

The Prometheus clientgolang HTTP server is vulnerable to a denial of service attack when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of the promhttp.InstrumentHandler middleware except RequestsInFlight; not filter any specific...

7.5CVSS9.4AI score0.05994EPSS
Exploits1References1
osv
osv
added 2022/02/16 10:26 p.m.29 views

GHSA-CG3Q-J54F-5P7P Uncontrolled Resource Consumption in promhttp

This is the Go client library for Prometheus. It has two separate parts, one for instrumenting application code, and one for creating clients that talk to the Prometheus HTTP API. clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgola...

7.5CVSS9.5AI score0.05994EPSS
Exploits0References25
osv
osv
added 2022/02/15 4:15 p.m.13 views

AZL-35012 CVE-2022-21698 affecting package multus for versions less than 4.0.2-1

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

7.5CVSS6.7AI score0.05994EPSS
Exploits0References1
nvd
nvd
added 2022/02/15 4:15 p.m.29 views

CVE-2022-21698

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

7.5CVSS0.05994EPSS
Exploits0References22
osv
osv
added 2022/02/15 4:15 p.m.9 views

AZL-33637 CVE-2022-21698 affecting package prometheus-process-exporter for versions less than 0.7.10-18

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

7.5CVSS6.7AI score0.05994EPSS
Exploits0References1
osv
osv
added 2022/02/15 4:15 p.m.1 views

DEBIAN-CVE-2022-21698

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

7.5CVSS7AI score0.05994EPSS
Exploits0References1
osv
osv
added 2022/02/15 4:15 p.m.9 views

AZL-33626 CVE-2022-21698 affecting package node-problem-detector for versions less than 0.8.10-19

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

7.5CVSS6.7AI score0.05994EPSS
Exploits0References1
osv
osv
added 2022/02/15 4:15 p.m.8 views

AZL-35040 CVE-2022-21698 affecting package node-problem-detector for versions less than 0.8.15-1

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

7.5CVSS6.7AI score0.05994EPSS
Exploits0References1
osv
osv
added 2022/02/15 4:15 p.m.14 views

AZL-39665 CVE-2022-21698 affecting package cri-o for versions less than 1.21.7-2

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

7.5CVSS6.7AI score0.05994EPSS
Exploits0References1
osv
osv
added 2022/02/15 4:15 p.m.9 views

AZL-33634 CVE-2022-21698 affecting package prometheus-node-exporter for versions less than 1.3.1-23

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

7.5CVSS6.7AI score0.05994EPSS
Exploits0References1
osv
osv
added 2022/02/15 4:15 p.m.9 views

AZL-45249 CVE-2022-21698 affecting package buildah for versions less than 1.41.4-2

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

7.5CVSS6.7AI score0.05994EPSS
Exploits0References1
osv
osv
added 2022/02/15 4:15 p.m.10 views

AZL-34541 CVE-2022-21698 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.2-2

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

7.5CVSS6.7AI score0.05994EPSS
Exploits0References1
osv
osv
added 2022/02/15 4:15 p.m.8 views

AZL-33611 CVE-2022-21698 affecting package local-path-provisioner for versions less than 0.0.21-14

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

7.5CVSS6.7AI score0.05994EPSS
Exploits0References1
osv
osv
added 2022/02/15 4:15 p.m.6 views

AZL-33614 CVE-2022-21698 affecting package moby-buildx for versions less than 0.7.1-16

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

7.5CVSS6.7AI score0.05994EPSS
Exploits0References1
Rows per page
Query Builder