130 matches found
CVE-2025-71011
An input validation vulnerability in the flow.Tensor.newempty/flow.Tensor.newones/flow.Tensor.newzeros component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...
CVE-2025-71011
An input validation vulnerability in the flow.Tensor.newempty/flow.Tensor.newones/flow.Tensor.newzeros component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...
CVE-2025-71011
An input validation vulnerability in the flow.Tensor.newempty/flow.Tensor.newones/flow.Tensor.newzeros component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...
Improper Validation of Specified Quantity in Input
Overview Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input in the flow.Tensor.newempty, flow.Tensor.newones, and flow.Tensor.newzeros functions. An attacker can cause the application to crash or become unresponsive by providing specially crafte...
Security update for abseil-cpp
This update for abseil-cpp fixes the following issues: CVE-2025-0838: Fixed heap buffer overflow in sized constructors, reserve, and rehash methods of absl:flat,nodehashset,map bsc1237543. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
SUSE-SU-2026:0338-1 Security update for abseil-cpp
This update for abseil-cpp fixes the following issues: - CVE-2025-0838: Fixed heap buffer overflow in sized constructors, reserve, and rehash methods of absl:flat,nodehashset,map bsc1237543...
EUVD-2025-206541
An input validation vulnerability in the flow.Tensor.newempty/flow.Tensor.newones/flow.Tensor.newzeros component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...
SandboxJS has Sandbox Escape via Unprotected AsyncFunction Constructor
Summary A sandbox escape vulnerability due to AsyncFunction not being isolated in SandboxFunction Details The library attempts to sandbox code execution by replacing the global Function constructor with a safe, sandboxed version SandboxFunction. This is handled in utils.ts by mapping Function to...
CVE-2025-69209 ArduinoCore-avr has Stack-Based Buffer Overflow in WString Float/Double Constructors
ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attacker to trigger a stack-based buffer overflow when converting floating-point values to strings with high precision. By passing very large...
CVE-2025-69209 ArduinoCore-avr has Stack-Based Buffer Overflow in WString Float/Double Constructors
ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attacker to trigger a stack-based buffer overflow when converting floating-point values to strings with high precision. By passing very large...
CVE-2022-23770
This vulnerability could allow a remote attacker to execute remote commands with improper validation of parameters of certain API constructors. Remote attackers could use this vulnerability to execute malicious commands such as directory traversal...
OESA-2025-1234 nodejs security update
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
AZL-76815 CVE-2025-0838 affecting package abseil-cpp for versions less than 20220623.0-2
There exists a heap buffer overflow vulnerable in Abseil-cpp. The sized constructors, reserve, and rehash methods of absl::flat,nodehashset,map did not impose an upper bound on their size argument. As a result, it was possible for a caller to pass a very large size that would cause an integer...
AZL-76853 CVE-2025-0838 affecting package abseil-cpp 20240116.0-2
There exists a heap buffer overflow vulnerable in Abseil-cpp. The sized constructors, reserve, and rehash methods of absl::flat,nodehashset,map did not impose an upper bound on their size argument. As a result, it was possible for a caller to pass a very large size that would cause an integer...
nodejs: Node.js Worker Thread Exposure via Diagnostics Channel
A flaw was found in the Node.js diagnosticschannel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created...
nodejs: Node.js Worker Thread Exposure via Diagnostics Channel
A flaw was found in the Node.js diagnosticschannel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created...
nodejs: Node.js Worker Thread Exposure via Diagnostics Channel
A flaw was found in the Node.js diagnosticschannel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created...
nodejs: Node.js Worker Thread Exposure via Diagnostics Channel
A flaw was found in the Node.js diagnosticschannel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created...
nodejs: Node.js Worker Thread Exposure via Diagnostics Channel
A flaw was found in the Node.js diagnosticschannel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created...
SUSE CVE-2025-23083
With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...