Lucene search
K

900 matches found

OSV
OSV
added 2026/05/26 1:0 a.m.8 views

MAL-2026-4613 Malicious code in monade (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32631bc0128011d7e526d2665460d2e4562c2d50602e38218e2ad3078635726a [email protected] advertises itself as a JavaScript monad/flow utility library cjs/index.js exports flow, of, opt, ka, dev, yet ships a 976KB UPX-packed...

6AI score
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: BPF: Fixed potential improper dereferencing of pointers in bpfsysbpf. The bpfsysbpf helper function allows an eBPF program to load another eBPF program from within the kernel. In this case, the argument union bpfattr pointer...

5.5CVSS6.4AI score0.002EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.13 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Ice: Avoid bpfprog refcount underflow The Ice driver includes routines for managing XDP resources that are shared between the ndobpf operation and the VSI rebuild flow. The latter occurs, for example, when the user changes the...

5.5CVSS5.9AI score0.0021EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: bpf, sockmap: Fixed the warning related to sk-skforwardalloc in skstreamkillqueues. When running testsockmap in selftests, the following warning appears: WARNING: CPU: 2 PID: 197 at net/core/stream.c:205...

5.5CVSS6.2AI score0.00165EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.13 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Net: Ethernet: mtkethsoc: Reset the progptr to oldprog in case of an error in mtkxdpsetup. Reset the eBPF program pointer to oldprog, and do not decrease its reference count if the mtkopen routine in mtkxdpsetup fails...

5.5CVSS5.2AI score0.00123EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first gain the ability to execute low-privilege code on the target system in order to exploit this vulnerability. The specific flaw lies in the handling of eBPF...

8.8CVSS7.4AI score0.00972EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/18 8:21 p.m.17 views

OpenTelemetry eBPF Instrumentation: Memcached payload length overflow can crash OBI

Summary A remotely reachable integer overflow in OBI's memcached text protocol parser can crash the OBI process and cause denial of service. When parsing memcached storage commands such as set, add, replace, append, prepend, or cas, OBI accepts extremely large values and adds the payload delimite...

7.5CVSS6.3AI score0.00354EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/05/18 8:17 p.m.6 views

GHSA-VVMG-8MJR-G6Q3 OpenTelemetry eBPF Instrumentation: Log enricher writev path can overread and overwrite user buffers

Summary OBI's log enricher mishandles writev buffers by reading only the first iovec entry but using the total ioviter.count as the copy length. When log injection is enabled, a crafted multi-segment writev call can make OBI read and overwrite memory beyond the first segment. Details In...

4.9CVSS5.9AI score0.00172EPSS
Exploits1References4
OSV
OSV
added 2026/05/18 8:11 p.m.7 views

GHSA-89C6-VPCJ-7VJ4 OpenTelemetry eBPF Instrumentation: Unbounded BPF internal metrics replay can exhaust CPU

Summary OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can become very large, causing the metrics exporter to spend excessive CPU time in a tight loop every collection interval. Details The vulnerable loop is in...

5.9CVSS5.8AI score0.00319EPSS
Exploits1References4
OSV
OSV
added 2026/05/18 5:56 p.m.8 views

GHSA-8RRQ-WCG8-CV5Q OpenTelemetry eBPF Instrumentation: Redis error text is exported in span status messages

Summary OBI exports raw Redis error text as the span status message. Because Redis error replies can contain attacker-controlled or sensitive values, this behavior can exfiltrate tokens, PII, or other confidential input into telemetry backends and inject untrusted text into downstream analysis...

6.5CVSS5.9AI score0.00212EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/18 5:56 p.m.23 views

OpenTelemetry eBPF Instrumentation: Unsafe fastelf parsing allows malformed ELF to crash agent

Summary OBI's replacement ELF parser trusts section offsets, counts, and string offsets from the executable file. A crafted local ELF can make OBI dereference invalid section pointers or slice past string tables, causing the agent to panic while determining the process language. Details...

5.5CVSS5.9AI score0.00162EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.27 views

PT-2026-41783

Name of the Vulnerable Software and Affected Versions OpenTelemetry eBPF Instrumentation versions prior to 0.9.0 Description The Postgres protocol parser incorrectly assumes that BIND message payloads contain a valid NUL-terminated portal name. When processing a crafted empty or unterminated...

7.5CVSS6AI score0.00342EPSS
Exploits1References50
GithubExploit
GithubExploit
added 2026/05/16 4:18 p.m.159 views

ebpf-cve-analysis

eBPF CVE Analysis !polito-logoresources/images/logopolito...

7.8CVSS6AI score0.00349EPSS
Exploits1
Circl
Circl
added 2026/05/12 2:14 p.m.10 views

CVE-2026-45686

creationtimestamp| type| source ---|---|--- 2026-05-12 14:14:03+00:00| published-proof-of-concept| https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/advisories/GHSA-43g7-cwr8-q3jh 2026-06-02 18:01:50+00:00| seen|...

7.5CVSS5.7AI score0.00354EPSS
Exploits1References2
Circl
Circl
added 2026/05/12 2:13 p.m.10 views

CVE-2026-45685

creationtimestamp| type| source ---|---|--- 2026-05-12 14:13:53+00:00| published-proof-of-concept| https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/advisories/GHSA-j8p6-96vp-f3r9 2026-06-02 18:01:43+00:00| seen|...

7.5CVSS5.8AI score0.00463EPSS
Exploits1References2
Circl
Circl
added 2026/05/12 2:13 p.m.9 views

CVE-2026-45684

creationtimestamp| type| source ---|---|--- 2026-05-12 14:13:40+00:00| published-proof-of-concept| https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/advisories/GHSA-vvmg-8mjr-g6q3...

5.3CVSS5.8AI score0.00172EPSS
Exploits1References1
Circl
Circl
added 2026/05/12 2:12 p.m.11 views

CVE-2026-45682

creationtimestamp| type| source ---|---|--- 2026-05-12 14:12:38+00:00| published-proof-of-concept| https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/advisories/GHSA-962q-hwm5-52x5 2026-06-02 16:53:08+00:00| seen|...

5.5CVSS5.8AI score0.00161EPSS
Exploits1References2
Circl
Circl
added 2026/05/12 2:12 p.m.13 views

CVE-2026-45683

creationtimestamp| type| source ---|---|--- 2026-05-12 14:12:18+00:00| published-proof-of-concept| https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/advisories/GHSA-fjq3-ffvr-vm46 2026-06-02 17:31:17+00:00| seen|...

3.8CVSS5.8AI score0.00174EPSS
Exploits1References2
Circl
Circl
added 2026/05/12 2:11 p.m.10 views

CVE-2026-45680

creationtimestamp| type| source ---|---|--- 2026-05-12 14:11:52+00:00| published-proof-of-concept| https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/advisories/GHSA-89c6-vpcj-7vj4...

7.5CVSS5.8AI score0.00319EPSS
Exploits1References1
Circl
Circl
added 2026/05/12 2:11 p.m.12 views

CVE-2026-45679

creationtimestamp| type| source ---|---|--- 2026-05-12 14:11:30+00:00| published-proof-of-concept| https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/advisories/GHSA-8rrq-wcg8-cv5q...

6.5CVSS5.8AI score0.00212EPSS
Exploits1References1
Rows per page
Query Builder