761 matches found
Observing Spin Apps with OpenTelemetry and the .NET Aspire Dashboard
Observe Spin apps locally using automatic instrumentation, the otel plug-in, and the .NET Aspire dashboard for logs, metrics, and traces...
OPENSUSE-SU-2024:0351-1 Security update for python-mysql-connector-python
This update for python-mysql-connector-python fixes the following issues: - Update to 9.1.0 boo1231740, CVE-2024-21272 - WL16452: Bundle all installable authentication plugins when building the C-extension - WL16444: Drop build support for DEB packages - WL16442: Upgrade gssapi version to 1.8.3 -...
SUSE CVE-2024-36129
The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1 fixes this issue...
This Week in Spring - October 29th, 2024
Hi, Spring fans! How're things? It's almost Halloween! I'm so excited! I'm going as a PHP program. Boooooooo...t. I'm writing this from the amazing Vaadin Create conference in Frankfurt, Germany, about to do my keynote for an amazing, Spring-loving audience here. So, without further ado, let's di...
Let’s use OpenTelemetry with Spring
Introduction In the dynamic realm of observability, OpenTelemetry is a new set of tools that emerged from the now-deprecated OpenCensus and OpenTracing projects. When it comes to Spring Framework, Spring Boot, Spring Data, and Spring Cloud observability, mature solutions like Micrometer, the de...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.15.32 bug fix and security update
Red Hat OpenShift Container Platform release 4.15.32 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.36 security update
Red Hat OpenShift Container Platform release 4.14.36 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...
Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2024-708)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-708 advisory. Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability CVE-2024-35255 The OpenTelemetry Collector offers a vendor-agnostic implementation on how to...
Important: amazon-cloudwatch-agent
Issue Overview: Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability CVE-2024-35255 The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows...
Important: amazon-cloudwatch-agent
Issue Overview: Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability CVE-2024-35255 The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows...
OpenTelemetry Collector < 0.108.0 Authentication Bypass
The OpenTelemetry Collector running on the remote host is prior to 0.108.0. It is, therefore, affected by a timing discrepancy vulnerability, outlined below: OpenTelemetry Collector module awsfirehosereceiver allows unauthenticated remote requests, even when configured to require a key...
Important: amazon-cloudwatch-agent
Issue Overview: Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability CVE-2024-35255 The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows...
Important: amazon-cloudwatch-agent
Issue Overview: Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability CVE-2024-35255 The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows...
GHSA-JFVP-7X6P-H2PV vulnerabilities
Vulnerabilities for packages: grafana-alloy, syft, buildah, grype, neuvector-scanner, docker, runc, ctop, podman, k3s, cadvisor, opentelemetry-collector-contrib, kubernetes, k8s-device-plugin...
CVE-2024-45310 vulnerabilities
Vulnerabilities for packages: grafana-alloy, syft, buildah, grype, neuvector-scanner, docker, runc, ctop, podman, k3s, cadvisor, opentelemetry-collector-contrib, kubernetes, k8s-device-plugin...
GO-2024-3102 OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability in github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver
OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability in github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver...
Authentication Bypass
github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver is vulnerable to unauthorized remote access. The vulnerability is due to improper enforcement of key requirements in the awsfirehosereceiver module, allowing unauthenticated requests even when a key is configur...
OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability
Summary OpenTelemetry Collector module awsfirehosereceiver allows unauthenticated remote requests, even when configured to require a key. OpenTelemetry Collector can be configured to receive CloudWatch metrics via an AWS Firehose Stream. Firehose sets the header X-Amz-Firehose-Access-Key with an...
GHSA-PRF6-XJXH-P698 OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability
Summary OpenTelemetry Collector module awsfirehosereceiver allows unauthenticated remote requests, even when configured to require a key. OpenTelemetry Collector can be configured to receive CloudWatch metrics via an AWS Firehose Stream. Firehose sets the header X-Amz-Firehose-Access-Key with an...
CVE-2024-45043
The OpenTelemetry Collector module AWS firehose receiver is for ingesting AWS Kinesis Data Firehose delivery stream messages and parsing the records received based on the configured record type. awsfirehosereceiver allows unauthenticated remote requests, even when configured to require a key...