Lucene search
K

112 matches found

CVE
CVE
added 2026/07/01 9:15 p.m.12 views

CVE-2026-54704

OpenTelemetry Java Instrumentation contains a vulnerability in JDBC auto-instrumentation prior to version 2.28.0 where passwords in SQL CONNECT statements may not be sanitized if the password is double-quoted. This can cause clear-text database passwords to be added to trace spans and exported to...

6.5CVSS5.7AI score0.00224EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.9 views

CVE-2026-45679

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI exports raw Redis error text as the span status message. Because Redis error replies can contain attacker-controlled or sensitive values, this behavior can exfiltrate...

6.5CVSS5.3AI score0.00212EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/06/04 2:23 a.m.10 views

SUSE CVE-2026-45679

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI exports raw Redis error text as the span status message. Because Redis error replies can contain attacker-controlled or sensitive values, this behavior can exfiltrate...

6.5CVSS5.7AI score0.00212EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/02 3:24 p.m.10 views

CVE-2026-45679

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI exports raw Redis error text as the span status message. Because Redis error replies can contain attacker-controlled or sensitive values, this behavior can exfiltrate...

6.5CVSS5.7AI score0.00212EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/06/02 3:24 p.m.13 views

EUVD-2026-33953

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI exports raw Redis error text as the span status message. Because Redis error replies can contain attacker-controlled or sensitive values, this behavior can exfiltrate...

6.5CVSS5.7AI score0.00212EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/02 3:24 p.m.12 views

CVE-2026-45679 OpenTelemetry eBPF Instrumentation: Redis error text is exported in span status messages

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI exports raw Redis error text as the span status message. Because Redis error replies can contain attacker-controlled or sensitive values, this behavior can exfiltrate...

6.5CVSS5.7AI score0.00212EPSS
Exploits1References2
CVE
CVE
added 2026/06/02 3:24 p.m.19 views

CVE-2026-45679

CVE-2026-45679 affects OpenTelemetry eBPF Instrumentation (OBI). Prior to version 0.9.0, OBI exports raw Redis error text as the span status message, causing Redis error replies to be exposed in telemetry backends. This can leak attacker-controlled or sensitive data (tokens, PII, etc.) into downs...

6.5CVSS5.7AI score0.00212EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/02 3:24 p.m.44 views

CVE-2026-45679 OpenTelemetry eBPF Instrumentation: Redis error text is exported in span status messages

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI exports raw Redis error text as the span status message. Because Redis error replies can contain attacker-controlled or sensitive values, this behavior can exfiltrate...

6.5CVSS0.00212EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.10 views

OpenTelemetry eBPF Instrumentation 安全漏洞

OpenTelemetry eBPF Instrumentation is an open-source, eBPF-based lightweight telemetry data collection tool developed by OpenTelemetry. Versions of OpenTelemetry eBPF Instrumentation prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the export of raw Redis erro...

6.5CVSS5.4AI score0.00212EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2026/05/25 12:0 a.m.45 views

TTPrint: Evidence-Grounded TTP Extraction Via Diverge-Then-Converge Verification

Extracting MITRE ATT&CK techniques from cyber threat intelligence CTI reports is an open-set, multi-label problem requiring both high recall not missing techniques and high precision not hallucinating unsupported ones. Existing methods--rule-based, supervised, and LLM-based--struggle to achieve...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/18 5:56 p.m.8 views

GHSA-8RRQ-WCG8-CV5Q OpenTelemetry eBPF Instrumentation: Redis error text is exported in span status messages

Summary OBI exports raw Redis error text as the span status message. Because Redis error replies can contain attacker-controlled or sensitive values, this behavior can exfiltrate tokens, PII, or other confidential input into telemetry backends and inject untrusted text into downstream analysis...

6.5CVSS5.9AI score0.00212EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/18 5:56 p.m.32 views

OpenTelemetry eBPF Instrumentation: Redis error text is exported in span status messages

Summary OBI exports raw Redis error text as the span status message. Because Redis error replies can contain attacker-controlled or sensitive values, this behavior can exfiltrate tokens, PII, or other confidential input into telemetry backends and inject untrusted text into downstream analysis...

6.5CVSS5.9AI score0.00212EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.14 views

PT-2026-41784

Name of the Vulnerable Software and Affected Versions OpenTelemetry eBPF Instrumentation versions prior to 0.9.0 Description OpenTelemetry eBPF Instrumentation exports raw Redis error text as the span status message. Because Redis error replies can contain sensitive values or attacker-controlled...

6.5CVSS5.9AI score0.00212EPSS
Exploits1References6
Snyk
Snyk
added 2026/05/05 9:50 p.m.14 views

Cross-site Scripting (XSS)

Overview ip-address is an A library for parsing IPv4 and IPv6 IP addresses in node and the browser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the group, link, and spanAll functions, as well as the parseMessage field of thrown errors. An attacker can execute...

6.1CVSS5.8AI score0.00471EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/28 11:23 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview OpenTelemetry.Exporter.Zipkin is a Zipkin Exporter for OpenTelemetry .NET. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to unbounded growth of the remote endpoint cache derived from span attributes. An attacker can cause...

6.9CVSS5.8AI score0.00311EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/19 3:16 p.m.6 views

CVE-2025-64468

There is a use-after-free vulnerability in sentry!sentryspansetdata when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability...

8.5CVSS7.3AI score0.00132EPSS
Exploits0References1
NVD
NVD
added 2025/12/18 3:15 p.m.10 views

CVE-2025-64468

There is a use-after-free vulnerability in sentry!sentryspansetdata when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability...

8.5CVSS0.00132EPSS
Exploits0References1
OSV
OSV
added 2025/12/18 3:15 p.m.8 views

CVE-2025-64468

There is a use-after-free vulnerability in sentry!sentryspansetdata when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability...

8.5CVSS6AI score0.00132EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/18 2:50 p.m.4 views

CVE-2025-64468 Use-after-Free in sentry!sentry_span_set_data() in NI LabVIEW

There is a use-after-free vulnerability in sentry!sentryspansetdata when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability...

8.5CVSS6.9AI score0.00132EPSS
Exploits0References1
CVE
CVE
added 2025/12/18 2:50 p.m.23 views

CVE-2025-64468

CVE-2025-64468 describes a use-after-free in NI LabVIEW’s sentry!sentry_span_set_data() when parsing a corrupted VI file. This could lead to information disclosure or arbitrary code execution. Exploitation requires a user to open a specially crafted VI file, and affects LabVIEW 2025 Q3 (25.3) and...

8.5CVSS6.9AI score0.00132EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder