2507 matches found
CVE-2026-45287
OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1 leaks one file descriptor on each successful ParseFile call. ParseFile opens the schema file and passes it to Parse without closing it...
CVE-2026-45287
CVE-2026-45287 affects the Go OpenTelemetry implementation. Prior to version 0.0.17, parsing a schema via go.opentelemetry.io/otel/schema/v1.0 or .../v1.1 leaks one file descriptor per successful ParseFile call because ParseFile opens the file and passes it to Parse without closing it, risking de...
CVE-2026-45287 OpenTelemetry-Go's Schema ParseFile leaks file descriptors on each parse
OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1 leaks one file descriptor on each successful ParseFile call. ParseFile opens the schema file and passes it to Parse without closing it...
CVE-2026-45287
OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1 leaks one file descriptor on each successful ParseFile call. ParseFile opens the schema file and passes it to Parse without closing it...
EUVD-2026-34291
OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1 leaks one file descriptor on each successful ParseFile call. ParseFile opens the schema file and passes it to Parse without closing it...
Linux Distros Unpatched Vulnerability : CVE-2026-45966
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: apparmor: fix NULL pointer dereference in unixneedsrevalidation When receiving file...
SUSE CVE-2026-46118
In the Linux kernel, the following vulnerability has been resolved: pseries/papr-hvpipe: Fix null ptr deref in paprhvpipedevcreatehandle commit 6d3789d347a7 "papr-hvpipe: convert paprhvpipedevcreatehandle to FDPREPARE", changed the create handle to FDPREPARE, but it caused kernel null-ptr-deref...
Missing Release of File Descriptor or Handle after Effective Lifetime
Overview Affected versions of this package are vulnerable to Missing Release of File Descriptor or Handle after Effective Lifetime via the ParseFile function. An attacker can cause the process to exhaust available file descriptors and disrupt service by repeatedly triggering schema parsing...
GHSA-995V-FVRW-C78M opentelemetry-go's Schema ParseFile leaks file descriptors on each parse
Summary go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1 leaks one file descriptor on each successful ParseFile call. ParseFile opens the schema file and passes it to Parse without closing it; repeated parsing in a long-running process can exhaust the process file...
Missing Release of File Descriptor or Handle after Effective Lifetime
Overview Affected versions of this package are vulnerable to Missing Release of File Descriptor or Handle after Effective Lifetime via the ParseFile function. An attacker can cause the process to exhaust available file descriptors and disrupt service by repeatedly triggering schema parsing...
Missing Release of File Descriptor or Handle after Effective Lifetime
Overview Affected versions of this package are vulnerable to Missing Release of File Descriptor or Handle after Effective Lifetime via the ParseFile function. An attacker can cause the process to exhaust available file descriptors and disrupt service by repeatedly triggering schema parsing...
opentelemetry-go's Schema ParseFile leaks file descriptors on each parse
Summary go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1 leaks one file descriptor on each successful ParseFile call. ParseFile opens the schema file and passes it to Parse without closing it; repeated parsing in a long-running process can exhaust the process file...
EUVD-2026-32877
In the Linux kernel, the following vulnerability has been resolved: pseries/papr-hvpipe: Fix null ptr deref in paprhvpipedevcreatehandle commit 6d3789d347a7 "papr-hvpipe: convert paprhvpipedevcreatehandle to FDPREPARE", changed the create handle to FDPREPARE, but it caused kernel null-ptr-deref...
SUSE CVE-2026-45966
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix NULL pointer dereference in unixneedsrevalidation When receiving file descriptors via SCMRIGHTS, both the socket pointer and the socket's sk pointer can be NULL during socket setup or teardown, causing NULL pointer...
PT-2026-44726
Name of the Vulnerable Software and Affected Versions OpenTelemetry-Go versions prior to 0.0.17 Description The go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1 modules leak one file descriptor on each successful ParseFile call. This occurs because ParseFile opens the...
EUVD-2026-32393
In the Linux kernel, the following vulnerability has been resolved: bpf: Require frozen map for calculating map hash Currently, bpfmapgetinfobyfd calculates and caches the hash of the map regardless of the map's frozen state. This leads to a TOCTOU bug where userspace can call BPFOBJGETINFOBYFD t...
CVE-2026-45966
Summary: CVE-2026-45966 pertains to a regression in AppArmor on Linux kernels (6.17+) where a NULL pointer dereference could occur in __unix_needs_revalidation() when handling SCM_RIGHTS file descriptors, if both sock and sock->sk are NULL during socket setup/teardown. The crash path involves ...
CVE-2026-45932
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix tcx/netkit detach permissions when prog fd isn't given This commit fixes a security issue where BPFPROGDETACH on tcx or netkit devices could be executed by any user when no program fd was provided, bypassing permission...
PT-2026-43696
libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claims bNumEndpoints greater than zero but is followed by a class-specific descriptor whose bLength...
CVE-2026-46013
mm/memfdluo: fix physical address conversion in putfolios cleanup...