Linux Distros Unpatched Vulnerability : CVE-2026-45287

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1...

DEBIAN-CVE-2026-45287

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1 leaks one file descriptor on each successful ParseFile call. ParseFile opens the schema file and passes it to Parse without closing it...

CVE-2026-45287

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1 leaks one file descriptor on each successful ParseFile call. ParseFile opens the schema file and passes it to Parse without closing it...

CVE-2026-45287

CVE-2026-45287 affects the Go OpenTelemetry implementation. Prior to version 0.0.17, parsing a schema via go.opentelemetry.io/otel/schema/v1.0 or .../v1.1 leaks one file descriptor per successful ParseFile call because ParseFile opens the file and passes it to Parse without closing it, risking de...

CVE-2026-45287

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1 leaks one file descriptor on each successful ParseFile call. ParseFile opens the schema file and passes it to Parse without closing it...

Missing Release of File Descriptor or Handle after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of File Descriptor or Handle after Effective Lifetime via the ParseFile function. An attacker can cause the process to exhaust available file descriptors and disrupt service by repeatedly triggering schema parsing...

Missing Release of File Descriptor or Handle after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of File Descriptor or Handle after Effective Lifetime via the ParseFile function. An attacker can cause the process to exhaust available file descriptors and disrupt service by repeatedly triggering schema parsing...

Missing Release of File Descriptor or Handle after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of File Descriptor or Handle after Effective Lifetime via the ParseFile function. An attacker can cause the process to exhaust available file descriptors and disrupt service by repeatedly triggering schema parsing...

Missing Release of File Descriptor or Handle after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of File Descriptor or Handle after Effective Lifetime via the ParseFile function. An attacker can cause the process to exhaust available file descriptors and disrupt service by repeatedly triggering schema parsing...

GHSA-QF4G-9FQQ-MMM7 Absinthe: Unbounded atom creation from parsed directive name

Summary When Absinthe parses a GraphQL SDL document, every directive @ definition is converted into a freshly created atom without any allow-list or length cap. Because atoms are never garbage-collected and the BEAM has a hard 1,048,576 atom-table limit, any application that feeds...

CVE-2026-41486

Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow extension types ray.data.arrowtensor, ray.data.arrowtensorv2, ray.data.arrowvariableshapedtensor globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension type...

EUVD-2026-28828

Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow extension types ray.data.arrowtensor, ray.data.arrowtensorv2, ray.data.arrowvariableshapedtensor globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension type...

CVE-2026-41486

Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow extension types ray.data.arrowtensor, ray.data.arrowtensorv2, ray.data.arrowvariableshapedtensor globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension type...

Ray 2.49.0 < 2.55.0 Remote Code Execution (CVE-2026-41486)

The version of Ray installed on the remote host is = 2.49.0 and prior to 2.55.0. It is, therefore, affected by a remote code execution vulnerability: - Ray Data registers custom Arrow extension types globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension types, i...

Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization

Ray Data registers custom Arrow extension types ray.data.arrowtensor, ray.data.arrowtensorv2, ray.data.arrowvariableshapedtensor globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension types, it calls arrowextdeserialize on the field's metadata bytes. Ray's...

XML External Entity (XXE)

GeoServer is vulnerable to XML External Entity XXE. The vulnerability is due to improper handling of XML entity resolution in schema parsing, which allows an attacker to exploit external entity references to access sensitive data or perform unauthorized actions...

EUVD-2024-3126

Malicious code in bioql PyPI...

Security Bulletin: IBM® Db2® federated server is affected by a vulnerability in Apache Parquet (CVE-2025-30065).

Summary Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.15.1, which fixes the issue. Note: A Db2 server is not vulnerable to CVE-2025-30065 if the database manager...

Ubuntu: Security Advisory (USN-7659-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Apache Parquet vulnerabilities affect watsonx.data

Summary Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code and this could affect watsonx.data. Vulnerability Details CVEID:CVE-2025-30065 DESCRIPTION: Schema parsing in the parquet-avro module of Apache Parquet 1.15...