18 matches found

RedhatCVE
added 2026/06/05 7:27 p.m., 11 views

CVE-2026-40182

OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, when exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol format (OTLP), if the request results in an unsuccessful request (i.e. HTTP 4xx or 5xx), the response is read into memory...

CVSS 5.9, AI score 5.5, EPSS 0.00304
Exploits 0, References 1
CNNVD
added 2026/05/06 12:0 a.m., 8 views

OpenTelemetry .NET Contrib security vulnerability

OpenTelemetry .NET Contrib is an open-source telemetry data collection and processing library developed by OpenTelemetry - CNCF. Versions of OpenTelemetry .NET Contrib prior to 1.15.0 contain security vulnerabilities. These vulnerabilities stem from the HttpJsonPostTransport class, which allows...

CVSS 5.9, AI score 5.8, EPSS 0.00338
Exploits 0, References 1
EUVD
added 2026/04/23 9:43 p.m., 9 views

EUVD-2026-25269

OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers...

CVSS 5.3, AI score 5.7, EPSS 0.00458
Exploits 0, References 9
Vulnrichment
added 2026/04/23 6:3 p.m., 3 views

CVE-2026-40894 OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers

OpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1 to 1.15.2, the implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators...

CVSS 5.3, AI score 5.8, EPSS 0.00458
Exploits 0, References 6
CVE
added 2026/04/23 6:3 p.m., 59 views

CVE-2026-40894

OpenTelemetry dotnet vulnerable versions: OpenTelemetry.Api 0.5.0-beta.2–1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1–1.15.2 contain code paths for baggage, B3 and Jaeger processing that can allocate excessive memory when parsing propagation headers, potentially leading to a DoS. The iss...

CVSS 5.3, AI score 5.8, EPSS 0.00458
Exploits 0, References 6, Affected Software 3
Cvelist
added 2026/04/23 6:3 p.m., 33 views

CVE-2026-40894 OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers

OpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1 to 1.15.2, the implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators...

CVSS 5.3, EPSS 0.00458
Exploits 0, References 6
Vulnrichment
added 2026/04/23 5:54 p.m., 3 views

CVE-2026-40891 OpenTelemetry dotnet: Unbounded `grpc-status-details-bin` parsing in OTLP/gRPC retry handling

OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, when exporting telemetry over gRPC using the OpenTelemetry Protocol (OTLP), the exporter may parse a server-provided grpc-status-details-bin trailer during retry handling. Prior to the fix, a malformed trailer could...

CVSS 5.3, AI score 5.8, EPSS 0.00192
Exploits 0, References 3
Vulnrichment
added 2026/04/23 5:51 p.m., 4 views

CVE-2026-40182 OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies

OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, when exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol format (OTLP), if the request results in an unsuccessful request (i.e. HTTP 4xx or 5xx), the response is read into memory...

CVSS 5.3, AI score 5.8, EPSS 0.00304
Exploits 0, References 4
Cvelist
added 2026/04/23 5:51 p.m., 31 views

CVE-2026-40182 OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies

OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, when exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol format (OTLP), if the request results in an unsuccessful request (i.e. HTTP 4xx or 5xx), the response is read into memory...

CVSS 5.3, EPSS 0.00304
Exploits 0, References 4
ATTACKERKB
added 2026/04/23 5:51 p.m., 3 views

CVE-2026-40182

OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, when exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol format (OTLP), if the request results in an unsuccessful request (i.e. HTTP 4xx or 5xx), the response is read into memory...

CVSS 5.3, AI score 5.8, EPSS 0.00304
Exploits 0, References 5, Affected Software 1
CVE
added 2026/04/23 5:51 p.m., 22 views

CVE-2026-40182

OpenTelemetry dotnet OTLP exporter (versions 1.13.1–1.15.1) is affected. When exporting via gRPC/HTTP and the response status is 4xx/5xx, the client reads the entire HTTP response body into memory without an upper bound. This can cause memory exhaustion in the consuming application if the back-en...

CVSS 5.9, AI score 5.8, EPSS 0.00304
Exploits 0, References 4, Affected Software 1
Positive Technologies
added 2026/04/23 12:0 a.m., 6 views

PT-2026-34707

Name of the Vulnerable Software and Affected Versions: OpenTelemetry dotnet versions 1.13.1 through 1.15.1. Description: When exporting telemetry to a back-end or collector over gRPC or HTTP using the OpenTelemetry Protocol (OTLP) format, unsuccessful requests (HTTP 4xx or 5xx) result in the response...

CVSS 5.9, AI score 5.2, EPSS 0.00304
Exploits 0, References 11
Positive Technologies
added 2026/04/23 12:0 a.m., 5 views

PT-2026-34708

Name of the Vulnerable Software and Affected Versions: OpenTelemetry dotnet versions 1.13.1 through 1.15.1. Description: When exporting telemetry over gRPC using the OpenTelemetry Protocol (OTLP), the exporter may parse a server-provided 'grpc-status-details-bin' trailer during retry handling. A...

CVSS 5.3, AI score 5.2, EPSS 0.00192
Exploits 0, References 10
CNNVD
added 2026/04/23 12:0 a.m., 13 views

OpenTelemetry .NET security vulnerability

OpenTelemetry .NET is the .NET client of OpenTelemetry developed by OpenTelemetry Inc. OpenTelemetry .NET versions 1.6.0-rc.1 and earlier have a security vulnerability. This vulnerability arises from the internal pooling list size growing due to a large number of spans/tags, which may lead to...

CVSS 5.9, AI score 5.8, EPSS 0.00222
Exploits 0, References 1
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-6151

Malicious code in bioql PyPI...

CVSS 7.5, AI score 6.3, EPSS 0.00468
Exploits 0, References 5
EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2024-1310

Malicious code in bioql PyPI...

CVSS 4.1, AI score 4.8, EPSS 0.00291
Exploits 0, References 5
CVE
added 2024/04/12 10:58 p.m., 74 views

CVE-2024-32028

OpenTelemetry dotnet has a vulnerability in OpenTelemetry.Instrumentation.Http and OpenTelemetry.Instrumentation.AspNetCore where url.full and url.query values were written to spans, potentially exposing sensitive data. Affected versions prior to 1.8.1 pass the raw query string; 1.8.1 and later r...

CVSS 4.1, AI score 6.3, EPSS 0.00291
Exploits 0, References 3
OSV
added 2024/04/12 10:58 p.m., 30 views

CVE-2024-32028 Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore

OpenTelemetry dotnet is a dotnet telemetry framework. In affected versions of OpenTelemetry.Instrumentation.Http and OpenTelemetry.Instrumentation.AspNetCore, the url.full attribute/tag is written on spans (Activity) when tracing is enabled for outgoing HTTP requests and...

CVSS 4.1, AI score 4.7, EPSS 0.00291
Exploits 0, References 5