1856 matches found
RHEL 10 : opentelemetry-collector (RHSA-2026:1907)
The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:1907 advisory. Collector with the supported components for a Red Hat build of OpenTelemetry Security Fixes: crypto/x509: golang: Denial of Service due to excessive...
CVE-2026-24051
OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking Untrusted Search Paths on macOS/Darwin systems. The resource detection code in sdk/resource/hostid.go executes the ioreg system command using a search pat...
AZL-76443 CVE-2026-24051 affecting package azl-otel-collector 0.127.0-1
OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking Untrusted Search Paths on macOS/Darwin systems. The resource detection code in sdk/resource/hostid.go executes the ioreg system command using a search pat...
CVE-2026-24051
OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking Untrusted Search Paths on macOS/Darwin systems. The resource detection code in sdk/resource/hostid.go executes the ioreg system command using a search pat...
GHSA-9H8M-3FM2-QJRQ OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking
Impact The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking Untrusted Search Paths on macOS/Darwin systems. The resource detection code in sdk/resource/hostid.go executes the ioreg system command using a search path. An attacker with the ability to locally modify the...
Untrusted Search Path
Overview Affected versions of this package are vulnerable to Untrusted Search Path in resource detection code which executes ioreg, when the PATH environment variable is modified to include a malicious executable. An attacker can execute arbitrary code within the context of the application by...
CVE-2026-24051 OpenTelemetry-Go Affected by Arbitrary Code Execution via PATH Hijacking
OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking Untrusted Search Paths on macOS/Darwin systems. The resource detection code in sdk/resource/hostid.go executes the ioreg system command using a search pat...
CVE-2026-24051 OpenTelemetry-Go Affected by Arbitrary Code Execution via PATH Hijacking
OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking Untrusted Search Paths on macOS/Darwin systems. The resource detection code in sdk/resource/hostid.go executes the ioreg system command using a search pat...
CVE-2026-24051
OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking Untrusted Search Paths on macOS/Darwin systems. The resource detection code in sdk/resource/hostid.go executes the ioreg system command using a search pat...
CVE-2026-24051
OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking Untrusted Search Paths on macOS/Darwin systems. The resource detection code in sdk/resource/hostid.go executes the ioreg system command using a search pat...
CVE-2026-24051
OpenTelemetry-Go SDK vulnerability CVE-2026-24051: The Go SDK (versions v1.20.0–1.39.0) is vulnerable on macOS/Darwin to PATH Hijacking via the resource detector in sdk/resource/host_id.go, which runs ioreg using a search path. An attacker able to modify PATH can achieve Arbitrary Code Execution ...
CVE-2026-24051 OpenTelemetry-Go Affected by Arbitrary Code Execution via PATH Hijacking
OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking Untrusted Search Paths on macOS/Darwin systems. The resource detection code in sdk/resource/hostid.go executes the ioreg system command using a search pat...
Top 10 Cloud Compliance Tools for Enterprise Security and Audit Readiness in 2026
Key Takeaways Cloud compliance has shifted from periodic audits to a continuous operating requirement as hybrid and multi-cloud environments change faster than traditional controls can keep pace. Modern cloud compliance solutions provide continuous, automated compliance monitoring across AWS,...
From Triage to Threat Hunts: How AI Accelerates SecOps
If you work in security operations, the concept of the AI SOC agent is likely familiar. Early narratives promised total autonomy. Vendors seized on the idea of the "Autonomous SOC" and suggested a future where algorithms replaced analysts. That future has not arrived. We have not seen mass layoff...
CVE-2026-23886
Swift W3C TraceContext is a Swift implementation of the W3C Trace Context standard, and Swift OTel is an OpenTelemetry Protocol OTLP backend for Swift Log, Swift Metrics, and Swift Distributed Tracing. Prior to Swift W3C TraceContext version 1.0.0-beta.5 and Swift OTel version 1.0.4, a...
EUVD-2026-3282
Swift W3C TraceContext is a Swift implementation of the W3C Trace Context standard, and Swift OTel is an OpenTelemetry Protocol OTLP backend for Swift Log, Swift Metrics, and Swift Distributed Tracing. Prior to Swift W3C TraceContext version 1.0.0-beta.5 and Swift OTel version 1.0.4, a...
CVE-2026-21903
A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS allows a network-based attacker, authenticated with low privileges to cause a Denial-of-Service DoS. Subscribing to telemetry sensors at scale causes all FPC connections to drop, resulting...
CVE-2026-21921
A Use After Free vulnerability in the chassis daemon chassisd of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker authenticated with low privileges to cause a Denial-of-Service DoS. When telemetry collectors are frequently subscribing and unsubscribing to sensors...
CVE-2026-21921
A Use After Free vulnerability in the chassis daemon chassisd of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker authenticated with low privileges to cause a Denial-of-Service DoS. When telemetry collectors are frequently subscribing and unsubscribing to sensors...
CVE-2026-21921
A Use After Free vulnerability in the chassis daemon chassisd of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker authenticated with low privileges to cause a Denial-of-Service DoS. When telemetry collectors are frequently subscribing and unsubscribing to sensors...