rpm package
suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE Manager Server Module 4.3
pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Server%20Module%204.3
Vulnerabilities (11)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-29409 | — | < 0.4.0-150000.1.18.3 | 0.4.0-150000.1.18.3 | Aug 2, 2023 | Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are curr | ||
| CVE-2022-41723 | — | < 0.4.0-150000.1.18.3 | 0.4.0-150000.1.18.3 | Feb 28, 2023 | A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. | ||
| CVE-2022-46146 | — | < 0.4.0-150000.1.18.3 | 0.4.0-150000.1.18.3 | Nov 29, 2022 | Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0. | ||
| CVE-2022-32149 | — | < 0.4.0-150000.1.18.3 | 0.4.0-150000.1.18.3 | Oct 14, 2022 | An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse. | ||
| CVE-2021-20180 | — | < 0.4.0-150000.1.15.1 | 0.4.0-150000.1.15.1 | Mar 16, 2022 | A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat f | ||
| CVE-2021-3620 | — | < 0.4.0-150000.1.15.1 | 0.4.0-150000.1.15.1 | Mar 3, 2022 | A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality. | ||
| CVE-2021-3583 | — | < 0.4.0-150000.1.15.1 | 0.4.0-150000.1.15.1 | Sep 22, 2021 | A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special templ | ||
| CVE-2021-20191 | — | < 0.4.0-150000.1.15.1 | 0.4.0-150000.1.15.1 | May 26, 2021 | A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulne | ||
| CVE-2021-20178 | — | < 0.4.0-150000.1.15.1 | 0.4.0-150000.1.15.1 | May 26, 2021 | A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat f | ||
| CVE-2021-20228 | — | < 0.4.0-150000.1.15.1 | 0.4.0-150000.1.15.1 | Apr 29, 2021 | A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from | ||
| CVE-2021-3447 | — | < 0.4.0-150000.1.15.1 | 0.4.0-150000.1.15.1 | Apr 1, 2021 | A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_lo |
- CVE-2023-29409Aug 2, 2023affected < 0.4.0-150000.1.18.3fixed 0.4.0-150000.1.18.3
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are curr
- CVE-2022-41723Feb 28, 2023affected < 0.4.0-150000.1.18.3fixed 0.4.0-150000.1.18.3
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
- CVE-2022-46146Nov 29, 2022affected < 0.4.0-150000.1.18.3fixed 0.4.0-150000.1.18.3
Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.
- CVE-2022-32149Oct 14, 2022affected < 0.4.0-150000.1.18.3fixed 0.4.0-150000.1.18.3
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.
- CVE-2021-20180Mar 16, 2022affected < 0.4.0-150000.1.15.1fixed 0.4.0-150000.1.15.1
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat f
- CVE-2021-3620Mar 3, 2022affected < 0.4.0-150000.1.15.1fixed 0.4.0-150000.1.15.1
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.
- CVE-2021-3583Sep 22, 2021affected < 0.4.0-150000.1.15.1fixed 0.4.0-150000.1.15.1
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special templ
- CVE-2021-20191May 26, 2021affected < 0.4.0-150000.1.15.1fixed 0.4.0-150000.1.15.1
A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulne
- CVE-2021-20178May 26, 2021affected < 0.4.0-150000.1.15.1fixed 0.4.0-150000.1.15.1
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat f
- CVE-2021-20228Apr 29, 2021affected < 0.4.0-150000.1.15.1fixed 0.4.0-150000.1.15.1
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from
- CVE-2021-3447Apr 1, 2021affected < 0.4.0-150000.1.15.1fixed 0.4.0-150000.1.15.1
A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_lo