Lucene search
K

78 matches found

OSV
OSV
added 2023/08/22 6:0 p.m.35 views

GHSA-J55R-787P-M549 Shescape on Windows escaping may be bypassed in threaded context

Impact This may impact users that use Shescape on Windows in a threaded context e.g. using Worker threads. The vulnerability can result in Shescape escaping or quoting for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expected and used shell. This...

8.6CVSS7.4AI score0.00556EPSS
Exploits1References6
vulnersOsv
vulnersOsv
added 2023/08/11 3:30 p.m.6 views

@blockmatic/eosio-ship-reader (>=0.3.0 <=1.2.0), @kongkong21/eosio-ship-reader (>=1.3.0 <=1.3.1) +4 more potentially affected by CVE-2021-29057 via node-worker-threads-pool (=1.4.3)

node-worker-threads-pool NPM version =1.4.3 is affected by a known vulnerability. The following packages have a transitive dependency on node-worker-threads-pool and may be impacted: - @blockmatic/eosio-ship-reader =0.3.0, =1.3.0, =1.0.0, =0.0.2, =0.0.1, =1.0.53 Source cves: CVE-2021-29057 Source...

6.5CVSS6.5AI score0.00505EPSS
Exploits1
OSV
OSV
added 2023/08/11 3:30 p.m.5 views

GHSA-7VXC-Q7RV-QFJ8 SUCHMOKUO node-worker-threads-pool denial of service Vulnerability

An issue was discovered in StaticPool in SUCHMOKUO node-worker-threads-pool version 1.4.3 that allows attackers to cause a denial of service. This can be mitigated by manually creating a timeout. For example: ts const StaticPool = require"node-worker-threads-pool"; const staticPool = new...

6.5CVSS6.6AI score0.00505EPSS
Exploits1References3
Prion
Prion
added 2023/08/11 2:15 p.m.17 views

Denial of service

An issue was discovered in StaticPool in SUCHMOKUO node-worker-threads-pool version 1.4.3, allows attackers to cause a denial of service...

4.3CVSS6.3AI score0.00505EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/08/11 12:0 a.m.46 views

CVE-2021-29057

CVE-2021-29057 affects node-worker-threads-pool v1.4.3 via the StaticPool component, enabling a denial-of-service condition. Descriptions across multiple sources confirm the DoS impact but do not provide deep technical exploit details beyond that a DoS can be triggered. A practical mitigation men...

6.5CVSS6.3AI score0.00505EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/08/11 12:0 a.m.34 views

CVE-2021-29057

An issue was discovered in StaticPool in SUCHMOKUO node-worker-threads-pool version 1.4.3, allows attackers to cause a denial of service...

6.5AI score0.00505EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/08/11 12:0 a.m.5 views

node-worker-threads-pool Resource Management Error Vulnerability

node-worker-threads-pool is a simple worker threads pool using Node's workerthreads module by MOKUO Personal Developer. A security vulnerability exists in node-worker-threads-pool version 1.4.3, which stems from a security issue that allows an attacker to cause a denial of service DoS by exploiti...

6.5CVSS6.5AI score0.00505EPSS
Exploits1References2
Redos
Redos
added 2023/06/16 12:0 a.m.25 views

ROS-20230616-02

Vulnerability in libavcodec/pthreadframe.c component of FFmpeg multimedia library is related to memory usage after it is freed when processing worker threads with hwaccel decoder. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...

8.1CVSS8.3AI score0.01512EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/03/31 1:57 a.m.5 views

SUSE CVE-2022-48434

libavcodec/pthreadframe.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances e.g., hardware re-initialization upon a mid-video SPS change when...

7.8CVSS7AI score0.01512EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2023/03/29 5:15 p.m.3 views

CVE-2022-48434

libavcodec/pthreadframe.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances e.g., hardware re-initialization upon a mid-video SPS change when...

8.1CVSS7AI score0.01512EPSS
Exploits1References9
UbuntuCve
UbuntuCve
added 2023/03/29 5:15 p.m.39 views

CVE-2022-48434

libavcodec/pthreadframe.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances e.g., hardware re-initialization upon a mid-video SPS change when...

8.1CVSS7.1AI score0.01512EPSS
Exploits1References6
OSV
OSV
added 2023/03/29 5:15 p.m.13 views

UBUNTU-CVE-2022-48434

libavcodec/pthreadframe.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances e.g., hardware re-initialization upon a mid-video SPS change when...

8.1CVSS7.1AI score0.01512EPSS
Exploits1References7
Debian CVE
Debian CVE
added 2023/03/29 12:0 a.m.49 views

CVE-2022-48434

libavcodec/pthreadframe.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances e.g., hardware re-initialization upon a mid-video SPS change when...

8.1CVSS7.1AI score0.01512EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/02/15 3:25 a.m.3 views

SUSE CVE-2022-31623

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/dscompress.cc, when an error occurs i.e., going to the err label while executing the method createworkerthreads, the held lock thd-ctrlmutex is not released correctly, which allows local users to trigger a denial ...

5.9CVSS7.7AI score0.00222EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/01/25 12:0 a.m.6 views

The vulnerability of the worker_threads module in the Node.js software platform, related to incorrect input validation, allows a malicious actor to trigger a service failure.

The vulnerability of the workerthreads module in the Node.js software platform is related to incorrect validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...

3.3CVSS5.5AI score
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/01/15 12:0 a.m.2 views

PT-2023-1174 · Node.Js · Node.Js

Name of the Vulnerable Software and Affected Versions: Node.js affected versions not specified Description: The issue is related to incorrect input validation in the worker threads module of the Node.js platform. This can potentially allow an attacker to cause a denial of service. Recommendations...

1.7CVSS6.9AI score
Exploits0References2
GithubExploit
GithubExploit
added 2022/09/19 1:15 p.m.426 views

Exploit for Argument Injection in Atlassian Bitbucket

CVE-2022-36804-PoC Multithreaded exploit script for CVE-2022-3...

8.8CVSS9.2AI score0.99077EPSS
Exploits24
RedHat Linux
RedHat Linux
added 2022/09/13 9:57 a.m.7 views

mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/dscompress.cc, when an error occurs i.e., going to the err label while executing the method createworkerthreads, the held lock thd-ctrlmutex is not released correctly, which allows local users to trigger a denial ...

5.5CVSS7.3AI score0.00222EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/08/02 10:9 a.m.4 views

mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/dscompress.cc, when an error occurs i.e., going to the err label while executing the method createworkerthreads, the held lock thd-ctrlmutex is not released correctly, which allows local users to trigger a denial ...

5.5CVSS7.3AI score0.00222EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/06/27 12:0 a.m.9 views

The vulnerability of the `create_worker_threads` method in the MariaDB database management system allows a hacker to cause a service failure.

The vulnerability of the createworkerthreads method in the MariaDB database management system exists due to improper cleanup or resource release. Exploiting this vulnerability can allow an attacker to cause service failures...

3.3CVSS6.5AI score0.00219EPSS
Exploits0References6Affected Software2
Rows per page
Query Builder