CVE-2025-23090

CVE-2025-23090 is withdrawn as a duplicate of CVE-2025-23083. Connected records confirm CVE-2025-23083 affects Node.js packages for versions before 20.14.0-4, with patches available in advisory channels (nodejs20). These sources describe the same underlying issue and provide remediation guidance ...

CVE-2025-23083

With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...

PT-2025-4820 · Node.Js · Node.Js

Name of the Vulnerable Software and Affected Versions: Node.js versions 20, 22, and 23 Description: The issue allows attackers to misuse the diagnostics channel utility, accessing internal worker threads for malicious purposes. This is not limited to workers but also exposes internal workers, whe...

The vulnerability of the Security Account Manager (SAM) on Windows operating systems allows a perpetrator to trigger a service failure.

The vulnerability of the Security Account Manager SAM on Windows operating systems is related to mutual blocking of execution threads. Exploiting this vulnerability can allow a malicious actor to cause service failures...

CVE-2024-56779 nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfs4openowner leak when concurrent nfsd4open occur The action force umountumount -f will attempt to kill all rpctask even umount operation may ultimately fail if some files remain open. Consequently, if an action attemp...

This Week in Spring - January 7th, 2025

Hi, Spring fans, and happy new year! It's been another super seven days since we last spoke and, as always, there's a lot to cover so let's dive right into it! A long time in coming, but it's finally here! Hello DCO, Goodbye CLA: Simplifying Contributions to Spring the Spring AI hits just keep on...

PT-2026-2880

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to kexec functionality on PowerPC architectures. Specifically, if Simultaneous Multi-Threading SMT is disabled or partially enabled, attempting ...

CVE-2024-56670

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: userial: Fix the issue that gsstartio crashed due to accessing null pointer Considering that in some extreme cases, when userial driver is accessed by multiple threads, Thread A is executing the open operation and...

CVE-2024-56613

In the Linux kernel, the following vulnerability has been resolved: sched/numa: fix memory leak due to the overwritten vma-numabstate Problem Description When running the hackbench program of LTP, the following memory leak is reported by kmemleak. /opt/ltp/testcases/bin/hackbench 20 thread 1000...

CVE-2024-8650

An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests...

CVE-2024-8650 Incorrect Authorization in GitLab

An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests...

GitLab Enterprise Edition（EE）和GitLab Community Edition（CE） 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition EE and GitLab Community...

kernel: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats

A vulnerability was found in the dotaskstat function in the Linux kernel, where due to excessive lock contention, a potential hard lockup could be created. This can create a performance bottleneck and lead to kernel unresponsiveness...

CVE-2024-33053

Memory corruption when multiple threads try to unregister the CVP buffer at the same time...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets, which stems from a potential memory corruption when multiple threads attempt to deregister the CVP buffer at the same time, without a proper synchronization mechanism...

PT-2024-25096 · Qualcomm · Snapdragon +56

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue occurs due to memory corruption when multiple threads attempt to unregister the CVP buffer simultaneously. This can lead to unpredictable behavior and potential security risks...

Race Condition

Overview minio is a MinIO Python SDK for Amazon S3 Compatible Cloud Storage Affected versions of this package are vulnerable to Race Condition due to improper handling of shared resources in worker threads via the helpers.py function. An attacker can exploit this by initiating multiple asynchrono...

Security Bulletin: Financial Transaction Manager v4 is impacted by multiple vulnerabilities in IBM Java SE

Summary Multiple vulnerabilities were addressed in Financial Transaction Manager v4.0.6.0 iFix4 Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity...

Keycloak proxy header handling Denial-of-Service (DoS) vulnerability

Keycloak versions 26 and earlier are vulnerable to a denial-of-service DoS attack through improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without proper validation. This can lead to cost...

GHSA-PCX7-8HXG-J823 Duplicate Advisory: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jgwc-jh89-rpgq. This link is maintained to preserve external references. Original Description A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service DoS attack...