Lucene search
K

340 matches found

Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51890

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A resource leak exists in the ksmbd component of the Linux kernel during the durable v2 open process. When the parse durable handle context function handles a DURABLE REQ V2 request, it...

5.9AI score0.00188EPSS
Exploits0References14
RedhatCVE
RedhatCVE
added 2026/06/15 8:36 a.m.9 views

CVE-2026-45536

A flaw was found in Netty, a network application framework. A local attacker could exploit a vulnerability in the nettyunixsocketrecvFd function when handling SCMRIGHTS messages in Epoll or KQueue DomainSocketChannel with DomainSocketReadMode.FILEDESCRIPTORS enabled. Incorrect handling of file...

4CVSS5.2AI score0.00136EPSS
Exploits0References6
CVE
CVE
added 2026/06/12 2:12 p.m.51 views

CVE-2026-45536

CVE-2026-45536 affects Netty, specifically Unix-domain socket fd reception in netty_unix_socket_recvFd. Prior to versions 4.1.135.Final and 4.2.15.Final, a peer-sent SCM_RIGHTS message containing two fds can cause both descriptors to leak due to a mismatch between cmsg_len checks and the actual f...

4CVSS5.2AI score0.00136EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/12 4:42 a.m.13 views

CVE-2026-45287

A flaw was found in OpenTelemetry-Go before schema package version 0.0.17. ParseFile in go.opentelemetry.io/otel/schema/v1.0 and v1.1 opens a schema file and passes it to Parse without closing it, leaking one file descriptor per successful call. Repeated parsing in a long-running process can...

5.5CVSS5.7AI score0.00168EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-45287

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1...

5.5CVSS5.9AI score0.00168EPSS
Exploits1References4
NVD
NVD
added 2026/06/04 4:16 p.m.17 views

CVE-2026-45287

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1 leaks one file descriptor on each successful ParseFile call. ParseFile opens the schema file and passes it to Parse without closing it...

5.5CVSS0.00168EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/04 2:45 p.m.39 views

CVE-2026-45287 OpenTelemetry-Go's Schema ParseFile leaks file descriptors on each parse

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1 leaks one file descriptor on each successful ParseFile call. ParseFile opens the schema file and passes it to Parse without closing it...

2.1CVSS0.00168EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/04 2:45 p.m.7 views

CVE-2026-45287 OpenTelemetry-Go's Schema ParseFile leaks file descriptors on each parse

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1 leaks one file descriptor on each successful ParseFile call. ParseFile opens the schema file and passes it to Parse without closing it...

2.1CVSS5.4AI score0.00168EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/04 2:45 p.m.8 views

CVE-2026-45287

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1 leaks one file descriptor on each successful ParseFile call. ParseFile opens the schema file and passes it to Parse without closing it...

2.1CVSS5.8AI score0.00168EPSS
Exploits1References4Affected Software2
EUVD
EUVD
added 2026/06/04 2:45 p.m.12 views

EUVD-2026-34291

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1 leaks one file descriptor on each successful ParseFile call. ParseFile opens the schema file and passes it to Parse without closing it...

2.1CVSS5.8AI score0.00168EPSS
Exploits1References3
CVE
CVE
added 2026/06/04 2:45 p.m.35 views

CVE-2026-45287

OpenTelemetry-Go (Go implementation) prior to version 0.0.17 leaks one file descriptor per successful ParseFile call when parsing go.opentelemetry.io/otel/schema/v1.0 and v1.1. In long-running processes, repeated schema parsing without proper file closure can exhaust the process file descriptor l...

5.5CVSS5.8AI score0.00168EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.8 views

OpenTelemetry-Go 安全漏洞

OpenTelemetry-Go is an open-source developer toolkit developed by OpenTelemetry - CNCF. Versions of OpenTelemetry-Go prior to 0.0.17 contained a security vulnerability. This vulnerability stemmed from the fact that each successful ParseFile call would leak a file descriptor. Repeated parsing coul...

5.5CVSS5.3AI score0.00168EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/05/28 5:19 p.m.13 views

opentelemetry-go's Schema ParseFile leaks file descriptors on each parse

Summary go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1 leaks one file descriptor on each successful ParseFile call. ParseFile opens the schema file and passes it to Parse without closing it; repeated parsing in a long-running process can exhaust the process file...

5.5CVSS5.9AI score0.00168EPSS
Exploits1References5Affected Software2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.11 views

PT-2026-44726

Name of the Vulnerable Software and Affected Versions OpenTelemetry-Go versions prior to 0.0.17 Description The go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1 modules leak one file descriptor on each successful ParseFile call. This occurs because ParseFile opens the...

5.5CVSS5.8AI score0.00168EPSS
Exploits1References14
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.9 views

RHCOS 4 : Red Hat build of MicroShift 4.16.24 (RHSA-2024:10149)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:10149 advisory. - runc: file descriptor leak CVE-2024-21626 Note that Nessus has not tested for this issue but has instead relied only on the application's...

8.6CVSS7AI score0.18087EPSS
Exploits18References5
SUSE CVE
SUSE CVE
added 2026/03/12 9:2 a.m.7 views

SUSE CVE-2024-14027

In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput in fremovexattr error path In the Linux kernel, the fremovexattr syscall calls fdget to acquire a file reference but returns early without calling fdput when strncpyfromuser fails on the name argument. In...

5.5CVSS5.7AI score0.0021EPSS
Exploits1References7
Slackware Linux
Slackware Linux
added 2026/03/12 5:3 a.m.13 views

[slackware-security] libarchive

New libarchive packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libarchive-3.8.6-i586-1slack15.0.txz: Upgraded. This update fixes bugs and security issues: libarchive: fix incompatibility with...

5.9AI score
Exploits0
EUVD
EUVD
added 2026/03/09 6:31 p.m.7 views

EUVD-2024-55470

In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput in fremovexattr error path In the Linux kernel, the fremovexattr syscall calls fdget to acquire a file reference but returns early without calling fdput when strncpyfromuser fails on the name argument. In...

5.6AI score0.0021EPSS
Exploits1References2
OSV
OSV
added 2026/03/09 4:16 p.m.3 views

DEBIAN-CVE-2024-14027

In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput in fremovexattr error path In the Linux kernel, the fremovexattr syscall calls fdget to acquire a file reference but returns early without calling fdput when strncpyfromuser fails on the name argument. In...

5.5CVSS5.2AI score0.0021EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/09 3:51 p.m.2 views

CVE-2024-14027

In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput in fremovexattr error path In the Linux kernel, the fremovexattr syscall calls fdget to acquire a file reference but returns early without calling fdput when strncpyfromuser fails on the name argument. In...

5.6AI score0.0021EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder