RHEL 10 : opentelemetry-collector (RHSA-2025:12850)
The remote Red Hat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:12850 advisory. Collector with the supported components for a Red Hat build of OpenTelemetry. Security Fixes: net/http: Request smuggling due to acceptance of inval...
RHEL 9 : opentelemetry-collector (RHSA-2025:12831)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:12831 advisory. Collector with the supported components for a Red Hat build of OpenTelemetry. Security Fixes: net/http: Request smuggling due to acceptance of invali...
ALSA-2025:12831 Moderate: opentelemetry-collector security update
Collector with the supported components for an AlmaLinux build of OpenTelemetry. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and othe...
Moderate: opentelemetry-collector security update
Collector with the supported components for an AlmaLinux build of OpenTelemetry. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and othe...
ROS-20250801-01
A vulnerability in OpenTelemetry-Go Contrib, a set of add-on tools and libraries for the Go language designed to integrate with OpenTelemetry, is related to unconstrained and unregulated resource allocation when adding net.peer.sock.addr and net.peer.sock.port tags. regulation when adding...
RockyLinux 9 : opentelemetry-collector (RLSA-2025:3411)
The remote RockyLinux 9 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2025:3411 advisory. golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing (CVE-2025-30204). Tenable has extracted the preceding description block directly from...
opentelemetry-collector security update
An update is available for opentelemetry-collector. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Collector with the supported components for a Rocky Enterpris...
RLSA-2025:3411 Important: opentelemetry-collector security update
Collector with the supported components for a Rocky Enterprise Software Foundation build of OpenTelemetry. Security Fixes: golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing (CVE-2025-30204). For more details about the security issues, including the impact, a CVSS score,...
Azure Linux 3.0 Security Update: docker-buildx (CVE-2025-0495)
The version of docker-buildx installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-0495 advisory. - Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support...
Important: Red Hat Security Advisory: Red Hat build of OpenTelemetry 3.6.1 release
Red Hat build of OpenTelemetry 3.6.1 has been released. This release of the Red Hat build of OpenTelemetry provides a CVE fix. Breaking changes: Nothing. Deprecations: Nothing. Technology Preview features: Nothing. Enhancements: Nothing. Bug fixes: Nothing. Known issues: Nothing...
RHSA-2025:9756 Red Hat Security Advisory: opentelemetry-collector security update
Bulletin has no description...
Moderate: Red Hat Security Advisory: opentelemetry-collector security update
An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, i...
RHEL 9 : opentelemetry-collector (RHSA-2025:9756)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:9756 advisory. Collector with the supported components for a Red Hat build of OpenTelemetry. Security Fixes: net/http: Request smuggling due to acceptance of invalid...
K000151924: runc vulnerability CVE-2024-45310
Security Advisory Description: runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a...
Important: Red Hat Security Advisory: Red Hat build of OpenTelemetry 3.6.0 release
Red Hat build of OpenTelemetry 3.6.0 has been released. Breaking changes: Nothing. Deprecations: Nothing. Technology Preview features: Cumulative-to-Delta Processor. Enhancements: The following Technology Preview features reach General Availability: Kafka Exporter, Attributes Processor, Resource...
TencentOS Server 4: grafana (TSSA-2024:0808)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0808 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Security Bulletin: OpenTelemetry Collector Contrib could allow a remote attacker to bypass security restrictions, caused by a flaw when configured to require a key, affects watsonx.data
Summary: OpenTelemetry Collector Contrib could allow a remote attacker to bypass security restrictions, caused by a flaw when configured to require a key. By sending a specially crafted request, an attacker could exploit this vulnerability to perform unauthorized write to metrics and this could...
Security Bulletin: Malicious clients with network access to the collector may perform a timing attack against a collector with this authenticator to guess the configured tokens, affects watsonx.data
Summary: The bearertokenauth extension's server authenticator performs a simple, non-constant time string comparison of the received & configured bearer tokens. This impacts anyone using the bearertokenauth server authenticator. Malicious clients with network access to the collector may perform a...
RHEL 10 : opentelemetry-collector (RHSA-2025:7479)
The remote Red Hat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:7479 advisory. Collector with the supported components for a Red Hat build of OpenTelemetry. Security Fixes: go-jose: Go JOSE's Parsing Vulnerable to Denia...
Fedora: Security Advisory (FEDORA-2024-971a3a4ef7)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...