SUSE CVE-2026-45682

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the custom CappedConcurrentHashMap introduced for Java TLS state tracking never removes keys from its insertion-order queue when entries are deleted. In long-running...

GHSA-962Q-HWM5-52X5 OpenTelemetry eBPF Instrumentation: CappedConcurrentHashMap leaks keys after removals

Summary The custom CappedConcurrentHashMap introduced for Java TLS state tracking never removes keys from its insertion-order queue when entries are deleted. In long-running instrumented JVMs, repeated connection churn can therefore grow the queue without bound and exhaust heap memory. Details Th...

Symbol confusion after hasher panic in `intaglio` interners

Affected versions of this crate can leave all SymbolTable variants in an internally inconsistent state if a custom BuildHasher panics during HashMap::insert and the caller recovers with catchunwind. The intern implementations committed a vec.push... before the matching map.insert... completed. If...

RUSTSEC-2026-0078 Symbol confusion after hasher panic in `intaglio` interners

Affected versions of this crate can leave all SymbolTable variants in an internally inconsistent state if a custom BuildHasher panics during HashMap::insert and the caller recovers with catchunwind. The intern implementations committed a vec.push... before the matching map.insert... completed. If...

GHSA-2HCP-GJRF-7FHC Micronaut Framework vulnerable to a Denial of Service in HTML error response caching

DefaultHtmlErrorResponseBodyProvider in io.micronaut:micronaut-http-server since 4.7.0 and until 4.10.7 used an unbounded ConcurrentHashMap cache with no eviction policy. If the application throws an exception whose message may be influenced by an attacker, for example, including request query...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : abseil-cpp (SUSE-SU-2026:0338-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0338-1 advisory. - CVE-2025-0838: Fixed heap buffer overflow in sized constructors, reserve, and rehash methods of...

MiracleLinux 7 : java-11-openjdk-11.0.13.0.8-1.el7 (AXSA:2021-2490:12)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2490:12 advisory. OpenJDK: Loop in HttpsServer triggered during TLS session close JSSE, 8254967 CVE-2021-35565 OpenJDK: Incorrect principal selection when using...

GHSA-RHFX-M35P-FF5J `IterMut` violates Stacked Borrows by invalidating internal pointer

Affected versions of this crate contain a soundness issue in the IterMut iterator implementation. The IterMut::next and IterMut::nextback methods temporarily create an exclusive reference to the key when dereferencing the internal node pointer. This invalidates the shared pointer held by the...

`IterMut` violates Stacked Borrows by invalidating internal pointer

Affected versions of this crate contain a soundness issue in the IterMut iterator implementation. The IterMut::next and IterMut::nextback methods temporarily create an exclusive reference to the key when dereferencing the internal node pointer. This invalidates the shared pointer held by the...

EUVD-2025-205218

In the Linux kernel, the following vulnerability has been resolved: bpf: Free special fields when update lru,percpuhash maps As lru,percpuhash maps support BPFKPTRREF,PERCPU, missing calls to 'bpfobjfreefields' in 'pcpucopyvalue' could cause the memory referenced by BPFKPTRREF,PERCPU fields to be...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the BPF LRU hash map not freeing allocated elements in the event of a bucket lock failure, potentially leadi...

EUVD-2021-1854

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2020-25573

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the linked-hash-map crate before 0.5.3 for Rust. It creates an uninitialized NonNull pointer, which violates a non-null constraint...

DEBIAN-CVE-2025-53603

In Alinto SOPE SOGo 2.0.2 through 5.12.2, sope-core/NGExtensions/NGHashMap.m allows a NULL pointer dereference and SOGo crash via a request in which a parameter in the query string is a duplicate of a parameter in the POST body...

Medium: abseil-cpp

Issue Overview: There exists a heap buffer overflow vulnerable in Abseil-cpp. The sized constructors, reserve, and rehash methods of absl::flat,nodehashset,map did not impose an upper bound on their size argument. As a result, it was possible for a caller to pass a very large size that would caus...

CVE-2020-25573

An issue was discovered in the linked-hash-map crate before 0.5.3 for Rust. It creates an uninitialized NonNull pointer, which violates a non-null constraint...

Malicious code in concurrent-hashmap (npm)

This package runs a post-install script that exfils sensitive data to a attacker-controlled server. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b043630941c12131f7d10fdb97608a15c397c2cf21e74116aa2fd89a1840a58e Any computer that has this package installed or runni...

Hash Collision Attack

io.netty.incubator, netty-incubator-codec-quic is vulnerable to Hash Collision Attack. The vulnerability is due to a hash collision in the hash map used to manage connections, which allows remote attackers to perform a Hash DoS attack by initiating connections with colliding Source Connection IDs...

CVE-2024-58088 bpf: Fix deadlock when freeing cgroup storage

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix deadlock when freeing cgroup storage The following commit bc235cdb423a "bpf: Prevent deadlock from recursive bpftaskstorageget|delete" first introduced deadlock prevention for fentry/fexit programs attaching on...

AZL-76815 CVE-2025-0838 affecting package abseil-cpp for versions less than 20220623.0-2

There exists a heap buffer overflow vulnerable in Abseil-cpp. The sized constructors, reserve, and rehash methods of absl::flat,nodehashset,map did not impose an upper bound on their size argument. As a result, it was possible for a caller to pass a very large size that would cause an integer...