AZL-76443 CVE-2026-24051 affecting package azl-otel-collector 0.127.0-1

OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking Untrusted Search Paths on macOS/Darwin systems. The resource detection code in sdk/resource/hostid.go executes the ioreg system command using a search pat...

OpenTelemetry-Go 代码问题漏洞

OpenTelemetry-Go is an open-source developer toolkit developed by OpenTelemetry - CNCF. Versions of OpenTelemetry-Go from 1.20.0 to 1.39.0 have code vulnerabilities. These vulnerabilities stem from path hijacking during the execution of the ioreg command in resource detection code, which may lead...

CVE-2024-27933 Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass

Deno is a JavaScript, TypeScript, and WebAssembly runtime. In version 1.39.0, use of raw file descriptors in opnodeipcpipe leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a different resource resulting in permission prompt bypass. Node childproce...

SUSE CVE-2018-1000143

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials...

CVE-2020-25794 affecting package rust 1.39.0-7

CVE-2020-25794 affecting package rust 1.39.0-7. An upgraded version of the package is available that resolves this issue...

CVE-2020-25796 affecting package rust 1.39.0-7

CVE-2020-25796 affecting package rust 1.39.0-7. An upgraded version of the package is available that resolves this issue...

libuv: Buffer overflow

Background libuv is a multi-platform support library with a focus on asynchronous I/O. Description libuv used an incorrect buffer size for paths, causing a buffer overflow. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of...