Lucene search
K

902 matches found

OSV
OSV
added 2026/06/25 6:43 p.m.5 views

GO-2026-5343 opentelemetry-ebpf-profiler: Unprivileged process can trigger a denial of service on the ebpf-profiler agent in go.opentelemetry.io/ebpf-profiler

opentelemetry-ebpf-profiler: Unprivileged process can trigger a denial of service on the ebpf-profiler agent in go.opentelemetry.io/ebpf-profiler...

5.9AI score0.00017EPSS
Exploits0References3
OSV
OSV
added 2026/06/23 10:16 p.m.6 views

GHSA-F2R5-5M7W-P5CX opentelemetry-ebpf-profiler: Unprivileged process can trigger a denial of service on the ebpf-profiler agent

Summary An unprivileged process can easily trigger the processPIDEvents goroutine to be blocked indefinitely, preventing the goroutine from analyzing any new ELF file. The goroutine stays blocked in the openat2 syscall forever and the profiler can no longer work properly, it is a denial of servic...

6.2CVSS5.8AI score0.00017EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.8 views

PT-2026-51617

Name of the Vulnerable Software and Affected Versions opentelemetry-ebpf-profiler versions prior to 0.0.202622 Description An unprivileged process can cause a denial of service on the ebpf-profiler agent by triggering the processPIDEvents goroutine to block indefinitely. This occurs when the...

6.2CVSS5.9AI score0.00017EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2026/06/12 7:33 p.m.33 views

Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit

Attackers took over more than 400 packages in the Arch User Repository AUR this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF...

5.6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/10 9:27 p.m.12 views

CVE-2026-10722

A flaw was found in the cilium/ebpf Go library versions up to 0.21.0. An integer overflow in the loadRawSpec function btf/btf.go when parsing BTF collection specs can cause excessive memory allocation or parsing failure. A local attacker who can supply a crafted eBPF collection spec to an...

5.5CVSS5.2AI score0.00179EPSS
Exploits1References12
SUSE CVE
SUSE CVE
added 2026/06/06 2:53 a.m.11 views

SUSE CVE-2026-10722

A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation of the argument offset leads to integer overflow. The attack can only be performed from a...

7.5CVSS4.9AI score0.00179EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.10 views

CVE-2026-45682

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the custom CappedConcurrentHashMap introduced for Java TLS state tracking never removes keys from its insertion-order queue when entries are deleted. In long-running...

5.5CVSS5.3AI score0.00161EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.10 views

CVE-2026-45684

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishandles writev buffers by reading only the first iovec entry but using the total ioviter.count as the copy length. When log...

5.3CVSS5.4AI score0.00172EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.11 views

CVE-2026-45681

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer but preserves the original payload size, which can be up to 8KB. If a CPU mismatch occurs, OBI can...

5.9CVSS5.5AI score0.00287EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.12 views

CVE-2026-45678

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Postgres protocol parser assumes BIND message payloads contain a valid NUL-terminated portal name. A crafted empty or unterminated payload can make OBI slice beyond th...

7.5CVSS5.6AI score0.00342EPSS
Exploits1References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/04 10:27 p.m.17 views

Malicious code in weavedb-contracts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a352d761eba6aa71b41fc09bb621d3f04e8c7c0e74487392a7c69e77719426b9 No concrete indicators of installer-side harm were identified in this version of weavedb-contracts. No lifecycle scripts, network beacons, credential...

6AI score
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:23 a.m.15 views

SUSE CVE-2026-45678

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Postgres protocol parser assumes BIND message payloads contain a valid NUL-terminated portal name. A crafted empty or unterminated payload can make OBI slice beyond th...

7.5CVSS5.8AI score0.00342EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:23 a.m.11 views

SUSE CVE-2026-45680

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can become very large, causing the...

7.5CVSS5.7AI score0.00319EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:23 a.m.10 views

SUSE CVE-2026-45683

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Java TLS ioctl probe reads user-controlled ioctl pointers with bpfproberead instead of bpfprobereaduser. An instrumented local process can therefore point OBI at kerne...

3.8CVSS5.7AI score0.00174EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:23 a.m.11 views

SUSE CVE-2026-45684

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishandles writev buffers by reading only the first iovec entry but using the total ioviter.count as the copy length. When log...

5.3CVSS5.7AI score0.00172EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-10722

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component...

5.5CVSS5.5AI score0.00179EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/03 4:1 p.m.10 views

CVE-2026-45686

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, a remotely reachable integer overflow in OBI's memcached text protocol parser can crash the OBI process and cause denial of service. When parsing...

7.5CVSS5.9AI score0.00354EPSS
Exploits1References1
NVD
NVD
added 2026/06/03 1:16 p.m.10 views

CVE-2026-10722

A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation of the argument offset leads to integer overflow. The attack can only be performed from a...

5.5CVSS0.00179EPSS
Exploits1References9
OSV
OSV
added 2026/06/03 1:16 p.m.7 views

DEBIAN-CVE-2026-10722

A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation of the argument offset leads to integer overflow. The attack can only be performed from a...

5.5CVSS5AI score0.00179EPSS
Exploits1References1
OSV
OSV
added 2026/06/03 1:16 p.m.16 views

UBUNTU-CVE-2026-10722

A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation of the argument offset leads to integer overflow. The attack can only be performed from a...

5.5CVSS4.3AI score0.00179EPSS
Exploits1References2
Rows per page
Query Builder