761 matches found
RHSA-2025:3411 Red Hat Security Advisory: opentelemetry-collector security update
Bulletin has no description...
Important: Red Hat Security Advisory: opentelemetry-collector security update
An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RHEL 9 : opentelemetry-collector (RHSA-2025:3335)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:3335 advisory. Collector with the supported components for a Red Hat build of OpenTelemetry Security Fixes: golang: net/http: net/http: sensitive headers...
RHSA-2025:3335 Red Hat Security Advisory: opentelemetry-collector security update
Bulletin has no description...
Important: Red Hat Security Advisory: opentelemetry-collector security update
An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
CVE-2025-30204 vulnerabilities
Vulnerabilities for packages: falcoctl, ko, ksops, kubeflow-katib, mc, policy-controller, telegraf, terragrunt, zot, hydra, bank-vaults, op-geth, boring-registry, timestamp-authority, fluent-bit-plugin-loki, crossplane-provider-azure-managedidentity, distribution, scorecard, kube-metrics-adapter,...
Unintended Secret Exposure
github.com/docker/buildx is vulnerable to unintended secret exposure. The vulnerability is due to improper handling of sensitive data in OpenTelemetry traces and BuildKit daemon's history records, that allows an attacker to access sensitive secrets by extracting them...
CVE-2025-29786 vulnerabilities
Vulnerabilities for packages: argo-cd, argo-workflows, opentelemetry-collector-contrib, nats, grafana-alloy, argo-rollouts, amazon-cloudwatch-agent, splunk-otel-collector, tempo, kubeflow-pipelines, k8sgpt, opentelemetry-collector, coredns, kargo...
GHSA-93MQ-9FFX-83M2 vulnerabilities
Vulnerabilities for packages: argo-cd, argo-workflows, opentelemetry-collector-contrib, nats, grafana-alloy, argo-rollouts, amazon-cloudwatch-agent, splunk-otel-collector, tempo, kubeflow-pipelines, k8sgpt, opentelemetry-collector, coredns, kargo...
CVE-2025-0495
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...
SUSE CVE-2025-0495
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the form of credentials being passed as parameter values when registering a new user via the OpenTelemetry endpoint. These values may be passed in a cache-to/cache-from configuration a...
buildx allows a possible credential leakage to telemetry endpoint
Impact Some cache backends allow configuring their credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. If this was done by the user, these secure values could be captured together with OpenTelemetry trace as part of the arguments and flags for the...
GHSA-M4GQ-FM9H-8Q75 buildx allows a possible credential leakage to telemetry endpoint
Impact Some cache backends allow configuring their credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. If this was done by the user, these secure values could be captured together with OpenTelemetry trace as part of the arguments and flags for the...
CVE-2025-0495
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...
DEBIAN-CVE-2025-0495
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...
AZL-58863 CVE-2025-0495 affecting package docker-buildx for versions less than 0.14.0-5
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...
CVE-2025-0495
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...
UBUNTU-CVE-2025-0495
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...
CVE-2025-0495
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...