VYPR

rpm package

suse/golang-github-lusitaniae-apache_exporter&distro=SUSE Manager Client Tools 12

pkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Client%20Tools%2012

Vulnerabilities (18)

  • CVE-2025-1365Feb 16, 2025
    affected < 1.0.10-1.27.3fixed 1.0.10-1.27.3

    A vulnerability, which was classified as critical, was found in GNU elfutils 0.192. This affects the function process_symtab of the file readelf.c of the component eu-readelf. The manipulation of the argument D/a leads to buffer overflow. Local access is required to approach this

  • CVE-2023-40577Aug 25, 2023
    affected < 1.0.0-1.21.2fixed 1.0.0-1.21.2

    Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue ha

  • CVE-2023-3978Aug 2, 2023
    affected < 1.0.8-1.24.3fixed 1.0.8-1.24.3

    Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

  • CVE-2023-29409Aug 2, 2023
    affected < 1.0.0-1.18.2fixed 1.0.0-1.18.2

    Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are curr

  • CVE-2022-41723Feb 28, 2023
    affected < 1.0.0-1.18.2fixed 1.0.0-1.18.2

    A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

  • CVE-2022-46146Nov 29, 2022
    affected < 1.0.0-1.18.2fixed 1.0.0-1.18.2

    Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.

  • CVE-2022-41715Oct 14, 2022
    affected < 1.0.0-1.21.2fixed 1.0.0-1.21.2

    Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively sm

  • CVE-2022-32149Oct 14, 2022
    affected < 1.0.0-1.18.2fixed 1.0.0-1.18.2

    An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.

  • CVE-2022-31107Jul 15, 2022
    affected < 0.11.0-1.13.1fixed 0.11.0-1.13.1

    Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take ove

  • CVE-2022-31097Jul 15, 2022
    affected < 0.11.0-1.13.1fixed 0.11.0-1.13.1

    Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability

  • CVE-2021-43138Apr 6, 2022
    affected < 1.0.0-1.21.2fixed 1.0.0-1.21.2

    In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.

  • CVE-2022-21698Feb 15, 2022
    affected < 0.11.0-1.13.1fixed 0.11.0-1.13.1

    client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounde

  • CVE-2022-0155Jan 10, 2022
    affected < 1.0.0-1.21.2fixed 1.0.0-1.21.2

    follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor

  • CVE-2021-43815Dec 10, 2021
    affected < 1.0.0-1.21.2fixed 1.0.0-1.21.2

    Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured

  • CVE-2021-43798KEVDec 7, 2021
    affected < 1.0.0-1.21.2fixed 1.0.0-1.21.2

    Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`,

  • CVE-2021-3918Nov 13, 2021
    affected < 1.0.0-1.21.2fixed 1.0.0-1.21.2

    json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

  • CVE-2021-3807Sep 17, 2021
    affected < 1.0.0-1.21.2fixed 1.0.0-1.21.2

    ansi-regex is vulnerable to Inefficient Regular Expression Complexity

  • CVE-2020-7753Oct 27, 2020
    affected < 1.0.0-1.21.2fixed 1.0.0-1.21.2

    All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().