78 matches found
GHSA-J55R-787P-M549 Shescape on Windows escaping may be bypassed in threaded context
Impact This may impact users that use Shescape on Windows in a threaded context e.g. using Worker threads. The vulnerability can result in Shescape escaping or quoting for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expected and used shell. This...
@blockmatic/eosio-ship-reader (>=0.3.0 <=1.2.0), @kongkong21/eosio-ship-reader (>=1.3.0 <=1.3.1) +4 more potentially affected by CVE-2021-29057 via node-worker-threads-pool (=1.4.3)
node-worker-threads-pool NPM version =1.4.3 is affected by a known vulnerability. The following packages have a transitive dependency on node-worker-threads-pool and may be impacted: - @blockmatic/eosio-ship-reader =0.3.0, =1.3.0, =1.0.0, =0.0.2, =0.0.1, =1.0.53 Source cves: CVE-2021-29057 Source...
GHSA-7VXC-Q7RV-QFJ8 SUCHMOKUO node-worker-threads-pool denial of service Vulnerability
An issue was discovered in StaticPool in SUCHMOKUO node-worker-threads-pool version 1.4.3 that allows attackers to cause a denial of service. This can be mitigated by manually creating a timeout. For example: ts const StaticPool = require"node-worker-threads-pool"; const staticPool = new...
Denial of service
An issue was discovered in StaticPool in SUCHMOKUO node-worker-threads-pool version 1.4.3, allows attackers to cause a denial of service...
CVE-2021-29057
CVE-2021-29057 affects node-worker-threads-pool v1.4.3 via the StaticPool component, enabling a denial-of-service condition. Descriptions across multiple sources confirm the DoS impact but do not provide deep technical exploit details beyond that a DoS can be triggered. A practical mitigation men...
CVE-2021-29057
An issue was discovered in StaticPool in SUCHMOKUO node-worker-threads-pool version 1.4.3, allows attackers to cause a denial of service...
node-worker-threads-pool Resource Management Error Vulnerability
node-worker-threads-pool is a simple worker threads pool using Node's workerthreads module by MOKUO Personal Developer. A security vulnerability exists in node-worker-threads-pool version 1.4.3, which stems from a security issue that allows an attacker to cause a denial of service DoS by exploiti...
ROS-20230616-02
Vulnerability in libavcodec/pthreadframe.c component of FFmpeg multimedia library is related to memory usage after it is freed when processing worker threads with hwaccel decoder. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...
SUSE CVE-2022-48434
libavcodec/pthreadframe.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances e.g., hardware re-initialization upon a mid-video SPS change when...
CVE-2022-48434
libavcodec/pthreadframe.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances e.g., hardware re-initialization upon a mid-video SPS change when...
CVE-2022-48434
libavcodec/pthreadframe.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances e.g., hardware re-initialization upon a mid-video SPS change when...
UBUNTU-CVE-2022-48434
libavcodec/pthreadframe.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances e.g., hardware re-initialization upon a mid-video SPS change when...
CVE-2022-48434
libavcodec/pthreadframe.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances e.g., hardware re-initialization upon a mid-video SPS change when...
SUSE CVE-2022-31623
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/dscompress.cc, when an error occurs i.e., going to the err label while executing the method createworkerthreads, the held lock thd-ctrlmutex is not released correctly, which allows local users to trigger a denial ...
The vulnerability of the worker_threads module in the Node.js software platform, related to incorrect input validation, allows a malicious actor to trigger a service failure.
The vulnerability of the workerthreads module in the Node.js software platform is related to incorrect validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...
PT-2023-1174 · Node.Js · Node.Js
Name of the Vulnerable Software and Affected Versions: Node.js affected versions not specified Description: The issue is related to incorrect input validation in the worker threads module of the Node.js platform. This can potentially allow an attacker to cause a denial of service. Recommendations...
Exploit for Argument Injection in Atlassian Bitbucket
CVE-2022-36804-PoC Multithreaded exploit script for CVE-2022-3...
mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/dscompress.cc, when an error occurs i.e., going to the err label while executing the method createworkerthreads, the held lock thd-ctrlmutex is not released correctly, which allows local users to trigger a denial ...
mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/dscompress.cc, when an error occurs i.e., going to the err label while executing the method createworkerthreads, the held lock thd-ctrlmutex is not released correctly, which allows local users to trigger a denial ...
The vulnerability of the `create_worker_threads` method in the MariaDB database management system allows a hacker to cause a service failure.
The vulnerability of the createworkerthreads method in the MariaDB database management system exists due to improper cleanup or resource release. Exploiting this vulnerability can allow an attacker to cause service failures...