Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.9 views

CVE-2026-45679

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI exports raw Redis error text as the span status message. Because Redis error replies can contain attacker-controlled or sensitive values, this behavior can exfiltrate...

6.5CVSS5.3AI score0.00212EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.12 views

CVE-2026-47269

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pamusb's denyremote feature checks utmpx utaddrv6 to detect whether an authentication request originates from a remote session. The outer guard was if utent-utaddrv60 != 0, which only tests the first...

7.4CVSS5.6AI score0.00307EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.12 views

CVE-2026-45685

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.1.0 to before version 0.9.0, malformed MongoDB wire messages can trigger uncaught panics in the MongoDB TCP parser, allowing a remote unauthenticated attacker to crash the telemetr...

7.5CVSS5.4AI score0.00463EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/06/04 2:23 a.m.15 views

SUSE CVE-2026-45678

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Postgres protocol parser assumes BIND message payloads contain a valid NUL-terminated portal name. A crafted empty or unterminated payload can make OBI slice beyond th...

7.5CVSS5.8AI score0.00342EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/06/03 4:1 p.m.10 views

CVE-2026-45686

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, a remotely reachable integer overflow in OBI's memcached text protocol parser can crash the OBI process and cause denial of service. When parsing...

7.5CVSS5.9AI score0.00354EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/02 3:25 p.m.11 views

EUVD-2026-33958

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.1.0 to before version 0.9.0, malformed MongoDB wire messages can trigger uncaught panics in the MongoDB TCP parser, allowing a remote unauthenticated attacker to crash the telemetr...

7.5CVSS5.8AI score0.00463EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 3:24 p.m.10 views

CVE-2026-45679

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI exports raw Redis error text as the span status message. Because Redis error replies can contain attacker-controlled or sensitive values, this behavior can exfiltrate...

6.5CVSS5.7AI score0.00212EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/06/02 3:24 p.m.11 views

EUVD-2026-33952

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Postgres protocol parser assumes BIND message payloads contain a valid NUL-terminated portal name. A crafted empty or unterminated payload can make OBI slice beyond th...

7.5CVSS5.9AI score0.00342EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 3:23 p.m.8 views

CVE-2026-45676

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI's replacement ELF parser trusts section offsets, counts, and string offsets from the executable file. A crafted local ELF can make OBI dereference invalid section...

5.5CVSS5.8AI score0.00162EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2025/05/29 5:15 p.m.13 views

PYSEC-2025-43

vLLM is an inference and serving engine for large language models LLMs. In versions starting from 0.7.0 to before 0.9.0, in the file vllm/multimodal/hasher.py, the MultiModalHasher class has a security and data integrity issue in its image hashing method. Currently, it serializes PIL.Image.Image...

7.3CVSS6.8AI score0.00266EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2025/05/29 5:15 p.m.16 views

PYSEC-2025-53

vLLM is an inference and serving engine for large language models LLMs. Prior to version 0.9.0, when a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the prefill process speeds up, which is reflected in the TTFT Time to First Token. These timing differences...

2.6CVSS6.8AI score0.00247EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder