rpm package
suse/prometheus-blackbox_exporter&distro=SUSE Manager Proxy Module 4.3
pkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Proxy%20Module%204.3
Vulnerabilities (33)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3620 | — | < 0.19.0-150000.1.11.1 | 0.19.0-150000.1.11.1 | Mar 3, 2022 | A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality. | ||
| CVE-2021-43815 | — | < 0.19.0-150000.1.14.3 | 0.19.0-150000.1.14.3 | Dec 10, 2021 | Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured | ||
| CVE-2021-43813 | — | < 0.19.0-150000.1.14.3 | 0.19.0-150000.1.14.3 | Dec 10, 2021 | Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files wi | ||
| CVE-2021-43798 | — | KEV | < 0.19.0-150000.1.14.3 | 0.19.0-150000.1.14.3 | Dec 7, 2021 | Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, | |
| CVE-2021-41244 | — | < 0.19.0-150000.1.14.3 | 0.19.0-150000.1.14.3 | Nov 15, 2021 | Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana | ||
| CVE-2021-41174 | — | < 0.19.0-150000.1.14.3 | 0.19.0-150000.1.14.3 | Nov 3, 2021 | Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user vi | ||
| CVE-2021-3583 | — | < 0.19.0-150000.1.11.1 | 0.19.0-150000.1.11.1 | Sep 22, 2021 | A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special templ | ||
| CVE-2021-3711 | — | < 0.19.0-150000.1.14.3 | 0.19.0-150000.1.14.3 | Aug 24, 2021 | In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with | ||
| CVE-2021-36222 | — | < 0.19.0-150000.1.14.3 | 0.19.0-150000.1.14.3 | Jul 22, 2021 | ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a | ||
| CVE-2021-20191 | — | < 0.19.0-150000.1.11.1 | 0.19.0-150000.1.11.1 | May 26, 2021 | A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulne | ||
| CVE-2021-20178 | — | < 0.19.0-150000.1.11.1 | 0.19.0-150000.1.11.1 | May 26, 2021 | A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat f | ||
| CVE-2021-20228 | — | < 0.19.0-150000.1.11.1 | 0.19.0-150000.1.11.1 | Apr 29, 2021 | A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from | ||
| CVE-2021-3447 | — | < 0.19.0-150000.1.11.1 | 0.19.0-150000.1.11.1 | Apr 1, 2021 | A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_lo |
- CVE-2021-3620Mar 3, 2022affected < 0.19.0-150000.1.11.1fixed 0.19.0-150000.1.11.1
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.
- CVE-2021-43815Dec 10, 2021affected < 0.19.0-150000.1.14.3fixed 0.19.0-150000.1.14.3
Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured
- CVE-2021-43813Dec 10, 2021affected < 0.19.0-150000.1.14.3fixed 0.19.0-150000.1.14.3
Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files wi
- affected < 0.19.0-150000.1.14.3fixed 0.19.0-150000.1.14.3
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`,
- CVE-2021-41244Nov 15, 2021affected < 0.19.0-150000.1.14.3fixed 0.19.0-150000.1.14.3
Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana
- CVE-2021-41174Nov 3, 2021affected < 0.19.0-150000.1.14.3fixed 0.19.0-150000.1.14.3
Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user vi
- CVE-2021-3583Sep 22, 2021affected < 0.19.0-150000.1.11.1fixed 0.19.0-150000.1.11.1
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special templ
- CVE-2021-3711Aug 24, 2021affected < 0.19.0-150000.1.14.3fixed 0.19.0-150000.1.14.3
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with
- CVE-2021-36222Jul 22, 2021affected < 0.19.0-150000.1.14.3fixed 0.19.0-150000.1.14.3
ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a
- CVE-2021-20191May 26, 2021affected < 0.19.0-150000.1.11.1fixed 0.19.0-150000.1.11.1
A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulne
- CVE-2021-20178May 26, 2021affected < 0.19.0-150000.1.11.1fixed 0.19.0-150000.1.11.1
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat f
- CVE-2021-20228Apr 29, 2021affected < 0.19.0-150000.1.11.1fixed 0.19.0-150000.1.11.1
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from
- CVE-2021-3447Apr 1, 2021affected < 0.19.0-150000.1.11.1fixed 0.19.0-150000.1.11.1
A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_lo
Page 2 of 2