Lucene search
K

605 matches found

RedHat Linux
RedHat Linux
added 2026/02/10 12:58 p.m.7 views

nodejs: Nodejs uninitialized memory exposure

A memory exposure flaw has been discovered in Node.js. A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other...

7.1CVSS5.8AI score0.03493EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/10 12:54 p.m.4 views

nodejs: Nodejs uninitialized memory exposure

A memory exposure flaw has been discovered in Node.js. A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other...

7.1CVSS5.8AI score0.03493EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/05 4:3 p.m.6 views

nodejs: Nodejs uninitialized memory exposure

A memory exposure flaw has been discovered in Node.js. A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other...

7.1CVSS5.8AI score0.03493EPSS
Exploits0References5
Snyk
Snyk
added 2026/02/04 5:48 p.m.5 views

Use of Uninitialized Resource

Overview Affected versions of this package are vulnerable to Use of Uninitialized Resource via the Buffer.allocUnsafe and Buffer.allocUnsafeSlow functions in the task runner process. An attacker can access sensitive in-process memory contents by executing untrusted code that allocates uninitializ...

7.7CVSS6.3AI score0.00364EPSS
Exploits0References2
OSV
OSV
added 2026/02/04 5:48 p.m.3 views

GHSA-49MX-FJ45-Q3P6 n8n's Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner

Impact The use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the same Node.js process for example, data from prior requests, tasks, secrets, or tokens,...

7.7CVSS5.9AI score0.00364EPSS
Exploits0References4
NVD
NVD
added 2026/02/04 5:16 p.m.5 views

CVE-2025-61917

n8n is an open source workflow automation platform. From version 1.65.0 to before 1.114.3, the use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the sa...

7.7CVSS0.00364EPSS
Exploits0References2
OSV
OSV
added 2026/02/04 4:46 p.m.5 views

CVE-2025-61917 n8n Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner

n8n is an open source workflow automation platform. From version 1.65.0 to before 1.114.3, the use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the sa...

7.7CVSS5.4AI score0.00364EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/04 4:46 p.m.6 views

EUVD-2025-206795

n8n is an open source workflow automation platform. From version 1.65.0 to before 1.114.3, the use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the sa...

7.7CVSS5.4AI score0.00364EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/04 4:46 p.m.2 views

CVE-2025-61917 n8n Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner

n8n is an open source workflow automation platform. From version 1.65.0 to before 1.114.3, the use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the sa...

7.7CVSS5.4AI score0.00364EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/04 4:46 p.m.31 views

CVE-2025-61917 n8n Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner

n8n is an open source workflow automation platform. From version 1.65.0 to before 1.114.3, the use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the sa...

7.7CVSS0.00364EPSS
Exploits0References2
CVE
CVE
added 2026/02/04 4:7 p.m.64 views

CVE-2026-23069

CVE-2026-23069 (Linux kernel) : In vsock/virtio, the credit calculation in virtio_transport_get_credit() can underflow when the peer’s advertised buffer (peer_buf_alloc) shrinks while data is in flight, potentially allowing more data to be queued than the peer can handle. The issue arises from un...

5.5CVSS5.4AI score0.00127EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/02/04 4:7 p.m.5 views

EUVD-2026-5475

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential underflow in virtiotransportgetcredit The credit calculation in virtiotransportgetcredit uses unsigned arithmetic: ret = vvs-peerbufalloc - vvs-txcnt - vvs-peerfwdcnt; If the peer shrinks its advertise...

5.4AI score0.00127EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.8 views

n8n 安全漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. There were security vulnerabilities in versions of n8n from 1.65.0 to 1.114.3. These vulnerabilities stemmed from the use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow to allocate uninitialized memory, which could lead ...

7.7CVSS6AI score0.00364EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/03 12:0 a.m.6 views

EUVD-2025-206706

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, W920, W930, and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/confgtspec write operation, leading to...

6.2CVSS5.6AI score0.00136EPSS
Exploits0References2
NVD
NVD
added 2026/01/27 4:16 p.m.10 views

CVE-2025-66199

Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. Impact summary: An attacker can cause per-connection memory allocations of up to approximately 22 MiB and...

5.9CVSS0.00403EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/01/27 4:1 p.m.5 views

CVE-2025-66199

Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. Impact summary: An attacker can cause per-connection memory allocations of up to approximately 22 MiB and...

6AI score0.00403EPSS
Exploits1References6Affected Software1
AlpineLinux
AlpineLinux
added 2026/01/27 4:1 p.m.4 views

CVE-2025-66199

Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. Impact summary: An attacker can cause per-connection memory allocations of up to approximately 22 MiB and...

5.9CVSS6AI score0.00403EPSS
Exploits1
OSV
OSV
added 2026/01/26 2:47 p.m.7 views

BIT-NODE-MIN-2025-55131

A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other TypedArray instances like Uint8Array may contain leftover...

7.1CVSS6.1AI score0.03493EPSS
Exploits0References21
OSV
OSV
added 2026/01/26 2:47 p.m.8 views

BIT-NODE-2025-55131

A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other TypedArray instances like Uint8Array may contain leftover...

7.1CVSS6.1AI score0.03493EPSS
Exploits0References21
OSV
OSV
added 2026/01/20 9:16 p.m.8 views

AZL-74979 CVE-2025-55131 affecting package nodejs for versions less than 20.14.0-13

A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other TypedArray instances like Uint8Array may contain leftover...

7.1CVSS7.4AI score0.03493EPSS
Exploits0References1
Rows per page
Query Builder