Lucene search
+L

1967 matches found

redhatcve
redhatcve
added 2026/06/05 7:33 p.m.8 views

CVE-2026-45676

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI's replacement ELF parser trusts section offsets, counts, and string offsets from the executable file. A crafted local ELF can make OBI dereference invalid section...

5.5CVSS5.4AI score0.00162EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/06/05 7:33 p.m.12 views

CVE-2026-45582

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.3, the workflow telemetry sanitizer could retain partial fragments of URL-shaped node parameters before sending workflow data to the project's anonymous telemetry...

6.5CVSS5.5AI score0.00262EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:33 p.m.11 views

CVE-2026-45681

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer but preserves the original payload size, which can be up to 8KB. If a CPU mismatch occurs, OBI can...

5.9CVSS5.5AI score0.00287EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/06/05 7:27 p.m.11 views

CVE-2026-40894

OpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1 to 1.15.2, The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators...

5.3CVSS5.5AI score0.00458EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:26 p.m.11 views

CVE-2026-40891

OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, When exporting telemetry over gRPC using the OpenTelemetry Protocol OTLP, the exporter may parse a server-provided grpc-status-details-bin trailer during retry handling. Prior to the fix, a malformed trailer could...

5.3CVSS5.4AI score0.00192EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:24 p.m.10 views

CVE-2026-44213

The OpenTelemetry.Exporter.Instana exports telemetry to Instana backend. Prior to 1.1.0, the OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the...

6.5CVSS5.5AI score0.00207EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:22 p.m.12 views

CVE-2026-7415

The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetry topics or publish control messages directly to the robot without authentication or authorization...

9.8CVSS5.5AI score0.00544EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/06/05 7:19 p.m.9 views

CVE-2026-49193

Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...

8.7CVSS5.5AI score0.00245EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:17 p.m.10 views

CVE-2026-33356

In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent subscribe authorization a...

7.7CVSS5.5AI score0.00274EPSS
Exploits0References1
nessus
nessus
added 2026/06/05 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-45287

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1...

5.5CVSS5.9AI score0.00168EPSS
Exploits1References4
redos
redos
added 2026/06/05 12:0 a.m.8 views

ROS-20260605-73-0051

The vulnerability of the Telemetry component in Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability can allow a malicious actor to cause service failures...

9.6CVSS5.4AI score0.00539EPSS
Exploits0
osv
osv
added 2026/06/04 4:16 p.m.7 views

DEBIAN-CVE-2026-41178

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes Parse to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Versions 1.42.0 and 1.44.0 fix the issue...

5.3CVSS5.4AI score0.00237EPSS
Exploits0References1
nvd
nvd
added 2026/06/04 4:16 p.m.13 views

CVE-2026-41178

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes Parse to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Versions 1.42.0 and 1.44.0 fix the issue...

5.3CVSS0.00237EPSS
Exploits0References2
osv
osv
added 2026/06/04 4:16 p.m.11 views

UBUNTU-CVE-2026-45287

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1 leaks one file descriptor on each successful ParseFile call. ParseFile opens the schema file and passes it to Parse without closing it...

5.5CVSS5.3AI score0.00168EPSS
Exploits1References3
osv
osv
added 2026/06/04 2:45 p.m.1 views

CVE-2026-45287 OpenTelemetry-Go's Schema ParseFile leaks file descriptors on each parse

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1 leaks one file descriptor on each successful ParseFile call. ParseFile opens the schema file and passes it to Parse without closing it...

2.1CVSS5.9AI score0.00168EPSS
Exploits1References5
osv
osv
added 2026/06/04 2:38 p.m.2 views

CVE-2026-41178 OpenTelemetry-Go's baggage parsing no longer caps raw header length

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes Parse to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Versions 1.42.0 and 1.44.0 fix the issue...

5.3CVSS5.9AI score0.00237EPSS
Exploits0References4
cve
cve
added 2026/06/04 2:38 p.m.77 views

CVE-2026-41178

CVE-2026-41178 affects OpenTelemetry-Go baggage parsing. The issue arises from removal of raw-length rejection in baggage header parsing, causing Parse to fully process very large or invalid baggage headers and log errors, enabling potential DoS via CPU/memory and log amplification. Concrete deta...

5.3CVSS5.8AI score0.00237EPSS
Exploits0References2Affected Software1
debiancve
debiancve
added 2026/06/04 2:38 p.m.10 views

CVE-2026-41178

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes Parse to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Versions 1.42.0 and 1.44.0 fix the issue...

5.3CVSS5.4AI score0.00237EPSS
Exploits0
talosblog
talosblog
added 2026/06/04 12:5 p.m.12 views

Hypotheses, telemetry, and human judgment: Inside Cisco Talos Threat Hunting

By Ron Scott-Adams Most security tools operate on a simple principle: If a known-bad pattern appears, fire an alert. This works well enough for many threats, but it fails against adversaries who closely study detection thresholds and deliberately stay under them. Cisco Talos Threat Hunting operat...

5.7AI score
Exploits0
nvd
nvd
added 2026/06/04 7:16 a.m.14 views

CVE-2026-49193

Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...

8.7CVSS0.00245EPSS
Exploits0References1
Rows per page
Query Builder