57 matches found
CVE-2025-15381
In the latest version of mlflow/mlflow, when the basic-auth app is enabled, tracing and assessment endpoints are not protected by permission validators. This allows any authenticated user, including those with NOPERMISSIONS on the experiment, to read trace information and create assessments for...
GHSA-FFQX-Q65F-36JF Grafana Tempo has Inadequate Encryption Strength
A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Grafana thanks williamgoodfellow for reporting this vulnerability...
CVE-2026-28377
A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Thanks to williamgoodfellow for reporting this vulnerability...
S3 SSE-C Encryption Key Exposed in Plaintext via Config Endpoint
A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Thanks to williamgoodfellow for reporting this vulnerability...
CVE-2026-25528
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. The LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery via malicious HTTP headers. An attacker can inject arbitrary apiurl values through the baggage header, causing the SDK to...
CVE-2026-25528
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. The LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery via malicious HTTP headers. An attacker can inject arbitrary apiurl values through the baggage header, causing the SDK to...
Server-side Request Forgery (SSRF)
Overview langsmith is a Client library to connect to the LangSmith Observability and Evaluation Platform. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to the improper validation of apiurl and apikey fields in baggage headers in RunTree.fromheaders and...
CVE-2026-25528
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. The LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery via malicious HTTP headers. An attacker can inject arbitrary apiurl values through the baggage header, causing the SDK to...
EUVD-2025-203699
In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix null pointer dereference in bnxtbstracecheckwrap With older FW, we may get the ASYNCEVENTCMPLEVENTIDDBGBUFPRODUCER for FW trace data type that has not been initialized. This will result in a crash in...
UBUNTU-CVE-2025-68197
In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix null pointer dereference in bnxtbstracecheckwrap With older FW, we may get the ASYNCEVENTCMPLEVENTIDDBGBUFPRODUCER for FW trace data type that has not been initialized. This will result in a crash in...
CVE-2025-68197
The CVE-2025-68197 issue affects the Linux kernel bnxt_en driver. It fixes a null pointer dereference in bnxt_bs_trace_check_wrap() that could occur when FW trace data type is uninitialized on older FW, leading to a crash in bnxt_bs_trace_type_wrap(). The patch adds a guard to verify a valid magi...
CVE-2025-68197 bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap()
In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix null pointer dereference in bnxtbstracecheckwrap With older FW, we may get the ASYNCEVENTCMPLEVENTIDDBGBUFPRODUCER for FW trace data type that has not been initialized. This will result in a crash in...
EUVD-2021-25436
Malware in sbrugna...
EUVD-2006-4925
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2025-38649
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight An infinit...
CVE-2025-38649
In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight An infinite loop has been created by the Coresight devices. When only a source device is enabled, the coresightfindactivatedsysfssink function is...
PT-2025-2827 · Ibm · Ibm App Connect Enterprise
Name of the Vulnerable Software and Affected Versions: IBM App Connect Enterprise versions 12.0.1.0 through 12.0.7.0 IBM App Connect Enterprise version 13.0.1.0 Description: The issue allows a privileged user to obtain JMS credentials under certain configurations. This is related to improper...
Important: Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.4 release
A new version of Red Hat OpenShift distributed tracing platform Tempo has been released Red Hat OpenShift distributed tracing platform based on Tempo. Tempo is an open-source, easy-to-use, and highly scalable distributed tracing backend. It provides observability for microservices architectures b...
Citrix CDFControl Service How to Save Logs On A UNC Network Share
Sometimes it may be necessary to save trace data to a shared network folder, for example, crash/hang issues with non-persistent VDAs or due to local disk space constraints...
CVE-2021-47274 tracing: Correct the length check which causes memory corruption
In the Linux kernel, the following vulnerability has been resolved: tracing: Correct the length check which causes memory corruption We've suffered from severe kernel crashes due to memory corruption on our production environment, like, Call Trace: 1640542.554277 general protection fault: 0000 1...