CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1097 matches found

Opera Security Advisories•added 2023/09/27 12:0 a.m.•10 views

Where to find Opera’s Privacy and Security team online

Security Where to find Opera’s Privacy and Security team online Share September 27th, 2023 Hello everyone! Through this blog, we strive to offer timely updates and important information about Opera and our products. This helps us maintain an open line of communication with our users, particularly...

8.8CVSS6.8AI score0.05036EPSS

Exploits4References1

Spring Security Advisories•added 2023/09/20 12:0 a.m.•20 views

Hello, Java 21

Hi, Spring fans! Get the bits Before we get started, do something for me quickly. If you haven’t already, go install SKDMAN. Then run: sdk install java 21-graalce && sdk default java 21-graalce There you have it. You now have Java 21 and graalvm supporting Java 21 on your machine, ready to go. Ja...

6.9AI score

Exploits0

Spring Security Advisories•added 2023/09/19 12:0 a.m.•15 views

Spring Tips: Making the joyful jump to Java 21

Hi, Spring fans! Java 21 and GraalVM supporting Java 21 are at long last here! It's been a long time in coming, but Java 21 - which comes out later today on the 19th of September, 2023 - brings with it some of the most exciting new features of any Java release. In this video, I will look at some ...

6.7AI score

Exploits0

RedHat Linux•added 2023/09/12 11:7 a.m.•5 views

libcap: Memory Leak on pthread_create() Error

A vulnerability was found in the pthreadcreate function in libcap. This issue may allow a malicious actor to use cause realpthreadcreate to return an error, which can exhaust the process memory...

3.3CVSS6.7AI score0.0035EPSS

Exploits1References5

Spring Security Advisories•added 2023/09/12 12:0 a.m.•9 views

This Week in Spring - September 12th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! How are you this fine 12th of September? I'm doing alright, elated, even. I've just returned from beautiful Oslo, Norway, and I've got a busy 30 days or so ahead, starting today. I'm visiting Seattle, WA; Mexico City, Mexico;...

6.8AI score

Exploits0

OSV•added 2023/09/11 8:43 p.m.•6 views

GHSA-36XM-35QQ-795W Inventory exposes reference to non-Sync data to an arbitrary thread

Affected versions do not enforce a Sync bound on the type of caller-provided value held in the plugin registry. References to these values are made accessible to arbitrary threads other than the one that constructed them. A caller could use this flaw to submit thread-unsafe data into inventory,...

7AI score

Exploits0References4

RustSec•added 2023/09/10 12:0 p.m.•3 views

Exposes reference to non-Sync data to an arbitrary thread

7AI score

Exploits0Affected Software1

Spring Security Advisories•added 2023/09/09 12:0 a.m.•14 views

All together now: Spring Boot 3.2, GraalVM native images, Java 21, and virtual threads with Project Loom,

This has been a very long time in coming, but finally we can create GraalVM native images that use Spring Boot via Spring Boot 3.2 and Java 21's virtual threads Project Loom! Why does all this matter? Each of these individual things, Project Loom, and GraalVM native images, offer compelling runti...

7.2AI score

Exploits0

UbuntuCve•added 2023/09/05 11:15 a.m.•26 views

CVE-2023-20897

Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted...

5.3CVSS6.1AI score0.01033EPSS

Exploits0References2

PyPA•added 2023/09/05 11:15 a.m.•6 views

PYSEC-2023-166

5.3CVSS6.9AI score0.01033EPSS

Exploits0References2Affected Software1

Debian CVE•added 2023/09/05 10:56 a.m.•26 views

CVE-2023-20897

Removed by vendor...

5.3CVSS5.4AI score0.01033EPSS

Exploits0

The Hacker News•added 2023/08/29 2:38 p.m.•69 views

DarkGate Malware Activity Spikes as Developer Rents Out Malware to Affiliates

A new malspam campaign has been observed deploying an off-the-shelf malware called DarkGate. "The current spike in DarkGate malware activity is plausible given the fact that the developer of the malware has recently started to rent out the malware to a limited number of affiliates," Telekom...

7AI score

Exploits0

Spring Security Advisories•added 2023/08/29 12:0 a.m.•15 views

My SpringOne 2023 Recap

Hi, Spring fans! Look, it's Monday after the first in-person SpringOne of the 2020s and the first since the pandemic, and, being honest, I'm bushed! Vegas is a dizzying, sensational, overwhelming, exciting experience, and SpringOne is too. But it was worth it. The SpringOne show surpassed all...

6.5AI score

Exploits0

OSV•added 2023/08/22 6:0 p.m.•32 views

GHSA-J55R-787P-M549 Shescape on Windows escaping may be bypassed in threaded context

Impact This may impact users that use Shescape on Windows in a threaded context e.g. using Worker threads. The vulnerability can result in Shescape escaping or quoting for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expected and used shell. This...

8.6CVSS7.4AI score0.00556EPSS

Exploits1References6

vulnersOsv•added 2023/08/11 3:30 p.m.•4 views

@blockmatic/eosio-ship-reader (>=0.3.0 <=1.2.0), @kongkong21/eosio-ship-reader (>=1.3.0 <=1.3.1) +4 more potentially affected by CVE-2021-29057 via node-worker-threads-pool (=1.4.3)

node-worker-threads-pool NPM version =1.4.3 is affected by a known vulnerability. The following packages have a transitive dependency on node-worker-threads-pool and may be impacted: - @blockmatic/eosio-ship-reader =0.3.0, =1.3.0, =1.0.0, =0.0.2, =0.0.1, =1.0.53 Source cves: CVE-2021-29057 Source...

6.5CVSS6.5AI score0.00505EPSS

Exploits1

OSV•added 2023/08/11 3:30 p.m.•2 views

GHSA-7VXC-Q7RV-QFJ8 SUCHMOKUO node-worker-threads-pool denial of service Vulnerability

An issue was discovered in StaticPool in SUCHMOKUO node-worker-threads-pool version 1.4.3 that allows attackers to cause a denial of service. This can be mitigated by manually creating a timeout. For example: ts const StaticPool = require"node-worker-threads-pool"; const staticPool = new...

6.5CVSS6.6AI score0.00505EPSS

Exploits1References3

Prion•added 2023/08/11 2:15 p.m.•16 views

Denial of service

An issue was discovered in StaticPool in SUCHMOKUO node-worker-threads-pool version 1.4.3, allows attackers to cause a denial of service...

4.3CVSS6.3AI score0.00505EPSS

Exploits1References1Affected Software1

CVE•added 2023/08/11 12:0 a.m.•43 views

CVE-2021-29057

CVE-2021-29057 affects node-worker-threads-pool v1.4.3 via the StaticPool component, enabling a denial-of-service condition. Descriptions across multiple sources confirm the DoS impact but do not provide deep technical exploit details beyond that a DoS can be triggered. A practical mitigation men...

6.5CVSS6.3AI score0.00505EPSS

Exploits1References1Affected Software1

CNNVD•added 2023/08/11 12:0 a.m.•3 views

node-worker-threads-pool Resource Management Error Vulnerability

node-worker-threads-pool is a simple worker threads pool using Node's workerthreads module by MOKUO Personal Developer. A security vulnerability exists in node-worker-threads-pool version 1.4.3, which stems from a security issue that allows an attacker to cause a denial of service DoS by exploiti...

6.5CVSS6.5AI score0.00505EPSS

Exploits1References2