VYPR

rpm package

opensuse/golang-github-prometheus-node_exporter&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/golang-github-prometheus-node_exporter&distro=openSUSE%20Tumbleweed

Vulnerabilities (6)

  • CVE-2026-39821CriMay 22, 2026
    affected < 1.11.1-2.1fixed 1.11.1-2.1

    The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in program

  • CVE-2025-22870MedMar 12, 2025
    affected < 1.9.1-2.1fixed 1.9.1-2.1

    Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.

  • CVE-2023-45288HigApr 4, 2024
    affected < 1.9.1-3.1fixed 1.9.1-3.1

    An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed Ma

  • CVE-2022-46146Nov 29, 2022
    affected < 1.5.0-1.1fixed 1.5.0-1.1

    Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.

  • CVE-2022-27191Mar 18, 2022
    affected < 1.5.0-1.1fixed 1.5.0-1.1

    The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.

  • CVE-2022-21698Feb 15, 2022
    affected < 1.3.1-2.1fixed 1.3.1-2.1

    client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounde