161 matches found
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: jaeger: jaeger-2.19.0-1.hum1 aarch64, x8664 jaeger-2.19.0-1.hum1.src src...
CVE-2026-41078
OpenTelemetry dotnet is a dotnet telemetry framework. In 1.6.0-rc.1 and earlier, OpenTelemetry.Exporter.Jaeger may allow sustained memory pressure when the internal pooled-list sizing grows based on a large observed span/tag set and that enlarged size is reused for subsequent allocations. Under...
CVE-2026-40894
OpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1 to 1.15.2, The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators...
FreeBSD : Grafana -- XSS in Grafana Explore stack trace (6cc28c49-58fe-11f1-b525-3c7c3fba4204)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6cc28c49-58fe-11f1-b525-3c7c3fba4204 advisory. https://grafana.com/security/security-advisories/cve-2025-41117 reports: Stack traces in Grafana's...
CVE-2026-44903 vulnerabilities
Vulnerabilities for packages: trillian, amazon-cloudwatch-agent-operator, opentelemetry-collector, tempo, istio, minio, loki, telegraf, cloud-sql-proxy, mc, splunk-otel-collector, karma, minio-object-browser, opentelemetry-collector-contrib, fluent-bit-plugin-loki, opentelemetry-operator,...
CVE-2026-44903 vulnerabilities
Vulnerabilities for packages: agentbeat-fips, cloud-sql-proxy, datadog-agent, opentelemetry-collector-contrib-fips, ld-relay, jaeger, opentelemetry-operator-fips, karma-fips, cloudzero-agent-fips, minio-object-browser, certificate-transparency, beats-fips, cloud-sql-proxy-fips, loki-fips, telegra...
GHSA-FW8G-CG8F-9J28 vulnerabilities
Vulnerabilities for packages: trillian, amazon-cloudwatch-agent-operator, opentelemetry-collector, tempo, istio, minio, loki, telegraf, cloud-sql-proxy, mc, splunk-otel-collector, karma, minio-object-browser, opentelemetry-collector-contrib, fluent-bit-plugin-loki, opentelemetry-operator,...
GHSA-FW8G-CG8F-9J28 vulnerabilities
Vulnerabilities for packages: agentbeat-fips, cloud-sql-proxy, datadog-agent, opentelemetry-collector-contrib-fips, ld-relay, jaeger, opentelemetry-operator-fips, karma-fips, cloudzero-agent-fips, minio-object-browser, certificate-transparency, beats-fips, cloud-sql-proxy-fips, loki-fips, telegra...
Memory Allocation with Excessive Size Value
Overview OpenTelemetry.Extensions.Propagators is a package containing propagator formats for OpenTelemetry .NET. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the processing of propagation headers such as baggage, B3, and Jaeger. An attacker ca...
GHSA-G94R-2VXG-569J OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers
Summary The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators NuGet packages can allocate excessive memory when parsing which could create a potential denial of service DoS in the consuming application. Details...
OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers
Summary The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators NuGet packages can allocate excessive memory when parsing which could create a potential denial of service DoS in the consuming application. Details...
CVE-2026-41078
OpenTelemetry dotnet is a dotnet telemetry framework. In 1.6.0-rc.1 and earlier, OpenTelemetry.Exporter.Jaeger may allow sustained memory pressure when the internal pooled-list sizing grows based on a large observed span/tag set and that enlarged size is reused for subsequent allocations. Under...
CVE-2026-41078 OpenTelemetry dotnet: Potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path
OpenTelemetry dotnet is a dotnet telemetry framework. In 1.6.0-rc.1 and earlier, OpenTelemetry.Exporter.Jaeger may allow sustained memory pressure when the internal pooled-list sizing grows based on a large observed span/tag set and that enlarged size is reused for subsequent allocations. Under...
CVE-2026-41078 OpenTelemetry dotnet: Potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path
OpenTelemetry dotnet is a dotnet telemetry framework. In 1.6.0-rc.1 and earlier, OpenTelemetry.Exporter.Jaeger may allow sustained memory pressure when the internal pooled-list sizing grows based on a large observed span/tag set and that enlarged size is reused for subsequent allocations. Under...
CVE-2026-41078
OpenTelemetry dotnet is a dotnet telemetry framework. In 1.6.0-rc.1 and earlier, OpenTelemetry.Exporter.Jaeger may allow sustained memory pressure when the internal pooled-list sizing grows based on a large observed span/tag set and that enlarged size is reused for subsequent allocations. Under...
CVE-2026-41078
OpenTelemetry dotnet CVE-2026-41078 affects OpenTelemetry.Exporter.Jaeger (pre-1.6.0-rc.1 and earlier). The issue: memory pressure caused by unbounded pooled-list sizing in the Jaeger exporter conversion path, where oversized allocations from large span/tag sets can be reused for later allocation...
CVE-2026-40894
OpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1 to 1.15.2, The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators...
OpenTelemetry .NET 安全漏洞
OpenTelemetry .NET is the .NET client of OpenTelemetry developed by OpenTelemetry Inc. There is a security vulnerability in OpenTelemetry .NET, which stems from the implementation details of baggage, B3, and Jaeger handling code. This vulnerability may lead to excessive memory allocation during...
PT-2026-34720
Name of the Vulnerable Software and Affected Versions OpenTelemetry.Api versions 0.5.0-beta.2 through 1.15.2 OpenTelemetry.Extensions.Propagators versions 1.3.1 through 1.15.2 Description Implementation details of the baggage, B3, and Jaeger processing code in the OpenTelemetry.Api and...
OpenTelemetry .NET has potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path
Summary !IMPORTANT There is no plan to fix this issue as OpenTelemetry.Exporter.Jaeger was deprecated in 2023. It is for informational purposes only. OpenTelemetry.Exporter.Jaeger may allow sustained memory pressure when the internal pooled-list sizing grows based on a large observed span/tag set...