Lucene search
K

264 matches found

RedhatCVE
RedhatCVE
added 5 days ago6 views

CVE-2026-59892

A flaw was found in the @opentelemetry/propagator-jaeger component of OpenTelemetry JavaScript. This vulnerability allows an unauthenticated remote attacker to send specially crafted HTTP header values, specifically uber-trace-id and uberctx-. The component improperly decodes these values without...

7.5CVSS6AI score0.00436EPSS
Exploits0References6
NVD
NVD
added 6 days ago10 views

CVE-2026-59892

OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx- HTTP header values with decodeURIComponent without handling decode errors, allowing an unauthenticated remote attacker to send a malformed...

7.5CVSS0.00436EPSS
Exploits0References3
CVE
CVE
added 6 days ago10 views

CVE-2026-59892

Summary: OpenTelemetry JavaScript’s JaegerPropagator (via @opentelemetry/propagator-jaeger) decodes uber-trace-id and uberctx-* headers with decodeURIComponent() without handling decode errors prior to 2.9.0, enabling an unauthenticated attacker to send a malformed percent-encoded value that resu...

7.5CVSS6AI score0.00436EPSS
Exploits0References3
NVD
NVD
added 2026/07/01 10:16 p.m.5 views

CVE-2026-54712

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.27.0, the RMI context propagation payload reader limits the number of context entries but does not limit the aggregate size of the strings read from the...

7.5CVSS0.00263EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 9:17 p.m.37 views

CVE-2026-54712 OpenTelemetry Javaagent RMI context propagation allows resource exhaustion

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.27.0, the RMI context propagation payload reader limits the number of context entries but does not limit the aggregate size of the strings read from the...

5.3CVSS0.00263EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 9:15 p.m.6 views

CVE-2026-54704

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize passwords in SQL CONNECT statements when the password is double-quoted. As a result, clear-text...

6.5CVSS5.7AI score0.00224EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/01 9:15 p.m.42 views

CVE-2026-54704 OpenTelemetry Java Instrumentation: JDBC Auto-Instrumentation Logging Clear-Text Passwords

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize passwords in SQL CONNECT statements when the password is double-quoted. As a result, clear-text...

6.5CVSS0.00224EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 4:21 a.m.7 views

MAL-2026-6562 Malicious code in @epic-common/observability-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73d7457ccefffe2de1f0464f21ac2eadfb981be593d2b34ceb0d5cde1174da0b Package targets the private @epic-common scope Epic Games and is published to the public npm registry as a dependency-confusion vehicle. On import of...

5.9AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.9 views

SUSE SLES15 Security Update : containerized-data-importer (SUSE-SU-2026:2493-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2493-1 advisory. - Security: re-vendor Go dependencies to address CVEs tracked against containerized-data-importer backport of upstream PR 4110,...

9.1CVSS6.6AI score0.91969EPSS
Exploits7References32
NVD
NVD
added 2026/06/22 6:16 p.m.13 views

CVE-2026-54285

opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 2.8.0, W3CBaggagePropagator.extract in @opentelemetry/core does not enforce size limits when parsing inbound baggage HTTP headers. The W3C Baggage specification recommends a maximum of 8,192 bytes and 180 entries; these limits were...

5.3CVSS0.00238EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 4:52 p.m.46 views

CVE-2026-54285

Opentelemetry-js (OpenTelemetry JavaScript client) is affected by CVE-2026-54285 through the W3CBaggagePropagator.extract() path in @opentelemetry/core prior to 2.8.0, where inbound baggage headers were not capped and could trigger memory allocation proportional to header size. The issue is fixed...

5.3CVSS5.9AI score0.00238EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.6 views

SUSE SLES16 Security Update : google-guest-agent (SUSE-SU-2026:22128-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22128-1 advisory. Changes in google-guest-agent: Update to version 20260430.00 Update OWNERS 609 Update THIRDPARTYLICENSES to be package specific...

9.1CVSS5.8AI score0.01557EPSS
Exploits1References24
OSV
OSV
added 2026/06/18 3:51 p.m.8 views

ROOT-APP-GOBINARY-CVE-2026-39883 CVE-2026-39883 in rootio-go.opentelemetry.io/otel/sdk - Patched by Root

Root has patched CVE-2026-39883 in the rootio-go.opentelemetry.io/otel/sdk package for Root:Go. Multiple fixed versions available...

7CVSS5.2AI score0.0022EPSS
Exploits1
OSV
OSV
added 2026/06/18 3:51 p.m.6 views

ROOT-APP-GOBINARY-CVE-2026-24051 CVE-2026-24051 in rootio-go.opentelemetry.io/otel/sdk - Patched by Root

Root has patched CVE-2026-24051 in the rootio-go.opentelemetry.io/otel/sdk package for Root:Go. Multiple fixed versions available...

7CVSS7.6AI score0.00157EPSS
Exploits0
OSV
OSV
added 2026/06/18 3:5 p.m.6 views

GHSA-W5CV-PW74-4RXC opentelemetry-collector-contrib: githubreceiver silently ignores configured required_headers authentication

githubreceiver Silently Ignores Configured requiredheaders Authentication Summary The githubreceiver webhook handler does not enforce the requiredheaders configuration. Headers are validated at startup config rejects empty keys/values but never checked on incoming requests. This follows the same...

6.9CVSS5.5AI score
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/17 7:28 a.m.6 views

Security Bulletin: IBM Engineering Lifecycle Management on Hybrid Cloud multiple vulnerabilities addressed

Summary This release addresses security vulnerabilities in application and operator images of ELM on Hybrid cloud offering. Identified vulnerabilities identified below relate to the underlying OS packages and language dependencies which impacts the product within the deployed environment. Two of...

10CVSS8AI score0.01557EPSS
Exploits2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.11 views

PT-2026-49598

Name of the Vulnerable Software and Affected Versions @opentelemetry/core versions prior to 2.8.0 Description The W3CBaggagePropagator.extract function in @opentelemetry/core fails to enforce size limits when parsing inbound baggage HTTP headers. While the W3C Baggage specification recommends a...

5.3CVSS5.7AI score0.00238EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/12 2:52 p.m.13 views

EUVD-2026-36466

OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to release 1.27.0, the OTLP HTTP exporters traces/metrics/logs read the full HTTP response into an in-memory vector of bytes without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is...

5.3CVSS5.3AI score0.00206EPSS
Exploits0References4
CVE
CVE
added 2026/06/12 2:52 p.m.26 views

CVE-2026-44967

OpenTelemetry-cpp OTLP HTTP exporters (traces/metrics/logs) read entire HTTP responses into an unbounded in-memory byte vector before 1.27.0, enabling memory exhaustion if the collector endpoint is attacker-controlled or the connection is MITM. The issue is fixed in opentelemetry-cpp release 1.27...

5.3CVSS5.3AI score0.00206EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/12 4:42 a.m.13 views

CVE-2026-45287

A flaw was found in OpenTelemetry-Go before schema package version 0.0.17. ParseFile in go.opentelemetry.io/otel/schema/v1.0 and v1.1 opens a schema file and passes it to Parse without closing it, leaking one file descriptor per successful call. Repeated parsing in a long-running process can...

5.5CVSS5.7AI score0.00168EPSS
Exploits1References6
Rows per page
Query Builder