10 matches found
CVE-2024-36129
creationtimestamp| type| source ---|---|--- 2025-06-04 22:18:38+00:00| seen| https://gist.github.com/halcyondude/66828e4acd89fd2975183ac3c839381d...
Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to CVE-2024-36129.
Summary OpenTelemetry Collector is used by the CP4D Scheduling Service for telemetry collection. CVE-2024-36129. Vulnerability Details CVEID:CVE-2024-36129 DESCRIPTION: OpenTelemetry OpenTelemetry Collector is vulnerable to a denial of service, caused by an unsafe decompression vulnerability. By...
alloy-1.4.3-1.1 on GA media (moderate)
alloy-1.4.3-1.1 on GA media Announcement ID: openSUSE-SU-2024:14439-1 Rating: moderate Cross-References: CVE-2024-36129 CVE-2024-8975 Affected Products: openSUSE Tumbleweed An update that solves 2 vulnerabilities can now be installed. Description: These are all security issues fixed in the...
Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2024-708)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-708 advisory. Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability CVE-2024-35255 The OpenTelemetry Collector offers a vendor-agnostic implementation on how to...
Important: amazon-cloudwatch-agent
Issue Overview: Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability CVE-2024-35255 The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows...
Important: amazon-cloudwatch-agent
Issue Overview: Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability CVE-2024-35255 The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows...
Important: Red Hat Security Advisory: Red Hat OpenShift distributed tracing 3.2.1 operator containers security update
Red Hat OpenShift distributed tracing 3.2.1 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
GHSA-87M9-RV8P-RGMG go-grpc-compression has a zstd decompression bombing vulnerability
Impact A malicious user could cause a denial of service DoS when using a specially crafted gRPC request. The decompression mechanism for zstd did not respect the limits imposed by gRPC, allowing rapid memory usage increases. Versions v1.1.4 through to v1.2.2 made use of the Decoder.DecodeAll...
CVE-2024-36129 vulnerabilities
Vulnerabilities for packages: tempo, opentelemetry-collector-contrib, opentelemetry-collector, datadog-agent...
CVE-2024-36129
The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1 fixes this issue...