Lucene search
K

39 matches found

RedhatCVE
RedhatCVE
added 2026/06/12 4:42 a.m.12 views

CVE-2026-45287

A flaw was found in OpenTelemetry-Go before schema package version 0.0.17. ParseFile in go.opentelemetry.io/otel/schema/v1.0 and v1.1 opens a schema file and passes it to Parse without closing it, leaking one file descriptor per successful call. Repeated parsing in a long-running process can...

5.5CVSS5.7AI score0.00168EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.8 views

CVE-2026-41178

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes Parse to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Versions 1.42.0 and 1.44.0 fix the issue...

5.3CVSS5.4AI score0.00237EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-45287

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1...

5.5CVSS5.9AI score0.00168EPSS
Exploits1References4
NVD
NVD
added 2026/06/04 4:16 p.m.12 views

CVE-2026-41178

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes Parse to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Versions 1.42.0 and 1.44.0 fix the issue...

5.3CVSS0.00237EPSS
Exploits0References2
OSV
OSV
added 2026/06/04 4:16 p.m.7 views

DEBIAN-CVE-2026-41178

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes Parse to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Versions 1.42.0 and 1.44.0 fix the issue...

5.3CVSS5.4AI score0.00237EPSS
Exploits0References1
OSV
OSV
added 2026/06/04 4:16 p.m.9 views

UBUNTU-CVE-2026-45287

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1 leaks one file descriptor on each successful ParseFile call. ParseFile opens the schema file and passes it to Parse without closing it...

5.5CVSS5.3AI score0.00168EPSS
Exploits1References3
CVE
CVE
added 2026/06/04 2:38 p.m.49 views

CVE-2026-41178

CVE-2026-41178 affects OpenTelemetry-Go baggage parsing. The issue arises from removal of raw-length rejection in baggage header parsing, causing Parse to fully process very large or invalid baggage headers and log errors, enabling potential DoS via CPU/memory and log amplification. Concrete deta...

5.3CVSS5.8AI score0.00237EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/04 2:38 p.m.10 views

CVE-2026-41178

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes Parse to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Versions 1.42.0 and 1.44.0 fix the issue...

5.3CVSS5.4AI score0.00237EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.10 views

PT-2026-44723

Name of the Vulnerable Software and Affected Versions OpenTelemetry Go affected versions not specified Description A denial-of-service issue exists due to the removal of raw-length rejection during baggage header parsing. The Parse function processes arbitrarily large or invalid baggage headers a...

5.3CVSS5.9AI score0.00237EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.8 views

Amazon Linux 2023 : docker (ALAS2023-2026-1659)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1659 advisory. Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin...

8.4CVSS5.8AI score0.00387EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.14 views

Amazon Linux 2 : docker, --advisory ALAS2DOCKER-2026-114 (ALASDOCKER-2026-114)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-114 advisory. Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that...

8.4CVSS5.8AI score0.00387EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-39883

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolut...

8.8CVSS7.1AI score0.0022EPSS
Exploits1References2
OSV
OSV
added 2026/04/09 12:57 a.m.5 views

CLEANSTART-2026-BA09462 OpenTelemetry-Go is the Go implementation of OpenTelemetry

Multiple security vulnerabilities affect the cass-operator-fips package. OpenTelemetry-Go is the Go implementation of OpenTelemetry. See references for individual vulnerability details...

9.8CVSS7.1AI score0.01557EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2026/04/09 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-39882

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters traces/metrics/logs read the full HTTP response body into a...

5.3CVSS7.2AI score0.0019EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/04/08 9:17 p.m.5 views

CVE-2026-39883

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This...

7.3CVSS5.8AI score0.0022EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/04/08 9:17 p.m.4 views

CVE-2026-39882

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters traces/metrics/logs read the full HTTP response body into an in-memory bytes.Buffer without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is...

5.3CVSS5.8AI score0.0019EPSS
Exploits0References3
OSV
OSV
added 2026/04/08 9:17 p.m.4 views

DEBIAN-CVE-2026-39882

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters traces/metrics/logs read the full HTTP response body into an in-memory bytes.Buffer without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is...

5.3CVSS5.3AI score0.0019EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 8:26 p.m.44 views

CVE-2026-39883 OpenTelemetry-Go has an incomplete fix for CVE-2026-24051: BSD kenv command not using absolute path enables PATH hijacking

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This...

7.3CVSS0.0022EPSS
Exploits1References2
Circl
Circl
added 2026/04/08 2:39 p.m.7 views

CVE-2026-39882

creationtimestamp| type| source ---|---|--- 2026-04-08 14:39:01+00:00| published-proof-of-concept| https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-w8rr-5gcm-pp58...

5.3CVSS5.8AI score0.0019EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/07 10:12 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the baggage header extraction process. An attacker can cause excessive CPU and memory allocations by sending numerous baggage header lines, even if each individual value remains...

8.7CVSS5.8AI score0.00435EPSS
Exploits1References2
Rows per page
Query Builder