197 matches found
SUSE CVE-2026-45680
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can become very large, causing the...
CVE-2026-45680
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can become very large, causing the...
CVE-2026-45680
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can become very large, causing the...
OpenTelemetry eBPF Instrumentation 安全漏洞
OpenTelemetry eBPF Instrumentation is an open-source, eBPF-based lightweight telemetry data collection tool developed by OpenTelemetry. Versions of OpenTelemetry eBPF Instrumentation prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the BPF probe’s reexecution...
BIT-PROMETHEUS-2026-44903 Prometheus: Stored XSS via crafted histogram bucket label values in the heatmap display of the old Prometheus web UI
Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...
CVE-2026-44903 Prometheus: Stored XSS via crafted histogram bucket label values in the heatmap display of the old Prometheus web UI
Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...
CVE-2026-44903 Prometheus: Stored XSS via crafted histogram bucket label values in the heatmap display of the old Prometheus web UI
Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...
CVE-2026-44903
CVE-2026-44903 affects Prometheus servers with the legacy web UI enabled. From 2.49.0 up to before 3.5.3 and 3.11.3, histogram heatmap axis tick labels aren’t escaped when inserting metric label values into HTML, allowing an attacker who can inject crafted metrics to run JavaScript in the browser...
Prometheus 跨站脚本漏洞
Prometheus is an open-source software developed in the Go language, used to create real-time metric databases built using the HTTP pull model. Versions of Prometheus from 2.49.0 to 3.5.3, as well as versions before 3.11.3, had a cross-site scripting vulnerability. This vulnerability stemmed from...
SUSE-SU-2026:2057-1 Security update for libpng16
This update for libpng16 fixes the following issue: - CVE-2026-34757: information disclosure and data corruption due to use-after-free in pngsetPLTE, pngsettRNS and pngsethIST bsc1261957...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021589)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021589 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing: Do not let histogram values have some modifiers Histogram values can not be strings,...
Set Shaping Theory As a Complementary Payload-Shaping Layer for Steganography
This paper studies the use of Set Shaping Theory SST as a reversible payload-shaping layer for least significant bit LSB image steganography. The proposal is not intended to replace existing steganographic methods or to compete with them as a new embedding scheme. Instead, SST is positioned as a...
JLSEC-2026-498
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from pnggetPLTE, pnggettRNS, or pnggethIST back into the corresponding setter on the same...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: Tracing: Ensure visibility when inserting an element into tracingmap. Running the following two commands in parallel on a multi-processor AArch64 machine may occasionally generate an unexpected warning regarding duplicate...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Tracing/histogram: Fixed a potential memory leak in kstrdup. The kfree function is not called in the error path, resulting in the memory allocated by kstrdup not being freed properly. p = param = kstrdupdata-paramsi, GFPKERNEL...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: fix memory leak in mwifiexhistogramread Always free the zeroed page upon returning from ‘mwifiexhistogramread’...
libpng: LIBPNG has a heap buffer overflow in png_set_quantize
A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the pngsetquantize API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported b...
libpng: LIBPNG has a heap buffer overflow in png_set_quantize
A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the pngsetquantize API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported b...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011020)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011020 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: fix memory leak in mwifiexhistogramread Always free the zeroed page on return from...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013102)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013102 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: fix memory leak in mwifiexhistogramread Always free the zeroed page on return from...