
19 matches found

RedhatCVE
added 2026/06/05 7:26 p.m. | 10 views

CVE-2026-40891

OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, when exporting telemetry over gRPC using the OpenTelemetry Protocol OTLP, the exporter may parse a server-provided grpc-status-details-bin trailer during retry handling. Prior to the fix, a malformed trailer could...

CVSS 5.3 | AI score 5.4 | EPSS 0.00192
Exploits 0 | References 1

Positive Technologies
added 2026/05/27 12:00 a.m. | 15 views

PT-2026-43868

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description Two issues exist in the pt5161l read block data function within the hwmon component. First, a buffer overrun occurs because...

CVSS 7.8 | AI score 6.2 | EPSS 0.00129
Exploits 0

SUSE CVE
added 2026/05/13 3:34 a.m. | 13 views

SUSE CVE-2026-43362

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix in-place encryption corruption in SMB2_write SMB2_write places write payload in iov[1..n] as part of rq_iov. smb3_init_transform_rq pointer-shares rq_iov, so crypt_message encrypts iov[1] in-place, replacing the original...

CVSS 7.1 | AI score 5.8 | EPSS 0.00217
Exploits 0 | References 15

EUVD
added 2026/05/08 3:31 p.m. | 10 views

EUVD-2026-28668

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix in-place encryption corruption in SMB2_write SMB2_write places write payload in iov[1..n] as part of rq_iov. smb3_init_transform_rq pointer-shares rq_iov, so crypt_message encrypts iov[1] in-place, replacing the original...

AI score 5.8 | EPSS 0.00217
Exploits 0 | References 6

RedHat Linux
added 2026/05/05 5:58 a.m. | 9 views

kernel: nvme: avoid double free special payload

In the Linux kernel, the following vulnerability has been resolved: nvme: avoid double free special payload If a discard request needs to be retried, and that retry may fail before a new special payload is added, a double free will result. Clear the RQFSPECIALLOAD when the request is cleaned...

CVSS 7.8 | AI score 6.3 | EPSS 0.00248
Exploits 0 | References 5

Snyk
added 2026/04/24 2:29 a.m. | 6 views

Memory Allocation with Excessive Size Value

Overview OpenTelemetry.Exporter.OpenTelemetryProtocol is an OTLP Exporter for OpenTelemetry .NET. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the grpc-status-details-bin parsing process during OTLP/gRPC retry handling. An attacker can cause...

CVSS 6 | AI score 5.5 | EPSS 0.00192
Exploits 0 | References 2

Github Security Blog
added 2026/04/23 9:40 p.m. | 17 views

OpenTelemetry dotnet: Unbounded `grpc-status-details-bin` parsing in OTLP/gRPC retry handling

Summary When exporting telemetry over gRPC using the OpenTelemetry Protocol OTLP, the exporter may parse a server-provided grpc-status-details-bin trailer during retry handling. Prior to the fix, a malformed trailer could encode an extremely large length-delimited protobuf field which was used...

CVSS 5.3 | AI score 5.8 | EPSS 0.00192
Exploits 0 | References 5 | Affected Software 1

Vulnrichment
added 2026/04/23 5:54 p.m. | 3 views

CVE-2026-40891 OpenTelemetry dotnet: Unbounded `grpc-status-details-bin` parsing in OTLP/gRPC retry handling

OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, when exporting telemetry over gRPC using the OpenTelemetry Protocol OTLP, the exporter may parse a server-provided grpc-status-details-bin trailer during retry handling. Prior to the fix, a malformed trailer could...

CVSS 5.3 | AI score 5.8 | EPSS 0.00192
Exploits 0 | References 3

CVE
added 2026/04/23 5:54 p.m. | 146 views

CVE-2026-40891

OpenTelemetry dotnet (OpenTelemetry .NET telemetry framework) contains a vulnerability in versions 1.13.1 through before 1.15.2. During OTLP/gRPC export, the exporter may parse a server-provided grpc-status-details-bin trailer during retry handling. A malformed trailer could encode a very large l...

CVSS 5.3 | AI score 5.8 | EPSS 0.00192
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2026/04/23 5:54 p.m. | 38 views

CVE-2026-40891 OpenTelemetry dotnet: Unbounded `grpc-status-details-bin` parsing in OTLP/gRPC retry handling

OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, when exporting telemetry over gRPC using the OpenTelemetry Protocol OTLP, the exporter may parse a server-provided grpc-status-details-bin trailer during retry handling. Prior to the fix, a malformed trailer could...

CVSS 5.3 | EPSS 0.00192
Exploits 0 | References 3

CNNVD
added 2026/04/23 12:00 a.m. | 10 views

OpenTelemetry .NET security vulnerability

OpenTelemetry .NET is the .NET client of OpenTelemetry by OpenTelemetry Inc. There were security vulnerabilities in the version of OpenTelemetry .NET from 1.13.1 to 1.15.2. These vulnerabilities stemmed from the gRPC exporter’s ability to parse the grpc-status-details-bin trailer provided by the...

CVSS 5.3 | AI score 5.8 | EPSS 0.00192
Exploits 0 | References 1

EUVD
added 2026/04/22 3:31 p.m. | 7 views

EUVD-2026-24758

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix read abandonment during retry Under certain circumstances, all the remaining subrequests from a read request will get abandoned during retry. The abandonment process expects the 'subreq' variable to be set to the place...

AI score 5.6 | EPSS 0.00342
Exploits 0 | References 4

CVE
added 2026/04/22 1:53 p.m. | 17 views

CVE-2026-31435

Summary: CVE-2026-31435 affects the Linux kernel netfs read-abandonment path during retries. The root cause is an uninitialized/invalid subreq pointer used in the abandonment flow, which can lead to abandoning remaining subrequests incorrectly and may cause a kernel oops/DoS. Several connected ad...

CVSS 8.8 | AI score 5.6 | EPSS 0.00342
Exploits 0 | References 3 | Affected Software 1

Tenable Nessus
added 2026/04/22 12:00 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-31435

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfs: Fix read abandonment during retry Under certain circumstances, all the remaining subrequests from a read request will get abandoned during retry. The...

CVSS 8.8 | AI score 6.1 | EPSS 0.00342
Exploits 0 | References 4

OSV
added 2026/03/05 10:16 p.m. | 4 views

CVE-2026-28481

OpenClaw versions 2026.1.30 and earlier contain an information disclosure vulnerability, patched in 2026.2.1, in the MS Teams attachment downloader (optional extension must be enabled) that leaks bearer tokens to allowlisted suffix domains. When retrying downloads after receiving 401 or 403...

CVSS 7.5 | AI score 5.8
Exploits 0 | References 3

Debian CVE
added 2025/12/08 12:46 a.m. | 8 views

CVE-2025-40320

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential cfid UAF in smb2_query_info_compound When smb2_query_info_compound retries, a previously allocated cfid may have been freed in the first attempt. Because cfid wasn't reset on replay, later cleanup could act o...

AI score 5.2 | EPSS 0.00156
Exploits 0

OSV
added 2025/11/26 2:28 p.m. | 2 views

SUSE-SU-2025:21145-1 Security update for curl

This update for curl fixes the following issues: - CVE-2025-9086: Fixed Out of bounds read for cookie path bsc1249191 - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes bsc1253757 - CVE-2025-10148: Fixed predictable WebSocket mask bsc1249348 Other fixes: - tooloperate: fix...

CVSS 7.5 | AI score 6.8 | EPSS 0.01301
Exploits 1 | References 8

OSV
added 2025/09/04 4:15 p.m. | 8 views

DEBIAN-CVE-2025-38730

In the Linux kernel, the following vulnerability has been resolved: io_uring/net: commit partial buffers on retry Ring provided buffers are potentially only valid within the single execution context in which they were acquired. io_uring deals with this and invalidates them on retry. But on the...

CVSS 7.8 | AI score 6.4 | EPSS 0.00151
Exploits 0 | References 1

Kitploit
added 2020/04/27 12:30 p.m. | 62 views

Nuclei - Nuclei Is A Fast Tool For Configurable Targeted Scanning Based On Templates Offering Massive Extensibility And Ease Of Use

Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. Nuclei is used to send requests across targets based on a template leading to zero false positives and providing effective scanning for known paths. Main use cases for nucle...

AI score 7.5
Exploits 0 | References 10