4525 matches found

Positive Technologies
added 2025/07/17 12:0 a.m. · 4 views

PT-2025-31011 · Crates.Io · Static Cell

ConstStaticCell could have been used to pass non-Send values to another thread, because T was not required to be Send while ConstStaticCell is Send. This was corrected by introducing a T: Send bound...

AI score 7.2
Exploits 0 · References 4

OSV
added 2025/07/15 8:15 p.m. · 5 views

AZL-65306 CVE-2025-50100 affecting package mysql for versions less than 8.0.43-1

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Thread Pooling. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to...

CVSS 2.2 · AI score 5.7 · EPSS 0.00358
Exploits 0 · References 1

OSV
added 2025/07/15 8:15 p.m. · 5 views

AZL-65489 CVE-2025-50100 affecting package mysql for versions less than 8.0.43-1

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Thread Pooling. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to...

CVSS 2.2 · AI score 7 · EPSS 0.00358
Exploits 0 · References 1

OSV
added 2025/07/15 8:15 p.m. · 3 views

UBUNTU-CVE-2025-50100

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Thread Pooling. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to...

CVSS 2.2 · AI score 7 · EPSS 0.00358
Exploits 0 · References 5

Snyk
added 2025/07/15 7:27 p.m. · 2 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via the Thread Pooling component. An attacker can disrupt service availability by sending specially crafted requests over the network with high privileges. Details: Denial of Service (DoS) describes a family of attack...

CVSS 2.2 · AI score 7 · EPSS 0.00358
Exploits 0 · References 2

CNVD
added 2025/07/15 12:0 a.m. · 4 views

RT-Thread Input Validation Error Vulnerability (CNVD-2025-16524)

RT-Thread is an open source IoT real-time operating system (RTOS) open-sourced by RT-Thread. RT-Thread suffers from an input validation error vulnerability that originates from the operation of the parameter how in the file rt-thread/components/lwp/lwpsyscall.c, which can be exploited by an attacke...

CVSS 9.8 · AI score 7.2 · EPSS 0.00995
Exploits 1 · References 1

CNNVD
added 2025/07/15 12:0 a.m. · 2 views

Oracle MySQL Security Vulnerability

Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which originates from improper access control of the Thread Pooling component, and can be exploited by an attacker to cause a partial denial of service...

CVSS 2.2 · AI score 6.3 · EPSS 0.00358
Exploits 0 · References 3

CNVD
added 2025/07/15 12:0 a.m. · 2 views

RT-Thread buffer overflow vulnerability (CNVD-2025-16523)

RT-Thread is an open source IoT real-time operating system (RTOS) open-sourced by RT-Thread. RT-Thread suffers from a buffer overflow vulnerability that originates from the operation of the parameter timeout in the file rt-thread/components/lwp/lwpsyscall.c, which can be exploited by an attacker to...

CVSS 9.8 · AI score 7.5 · EPSS 0.0078
Exploits 1 · References 1

Positive Technologies
added 2025/07/15 12:0 a.m. · 2 views

PT-2025-29653

Name of the Vulnerable Software and Affected Versions: Oracle MySQL versions 8.0.0 through 8.0.42; Oracle MySQL versions 8.4.0 through 8.4.5; Oracle MySQL versions 9.0.0 through 9.3.0. Description: A difficult-to-exploit issue exists in the Server: Thread Pooling component of Oracle MySQL. A...

CVSS 7.5 · AI score 4.8 · EPSS 0.01226
Exploits 2 · References 312

GithubExploit
added 2025/07/13 1:27 a.m. · 475 views

Exploit for CVE-2025-34085

CVE-2025-34085 Multi-Target RCE Scanner Mass-exploitation s...

AI score 7.5
Exploits 9

Microsoft CVE
added 2025/07/11 7:0 a.m. · 7 views

The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.

...

CVSS 7.5 · AI score 7.3 · EPSS 0.00763
Exploits 0

Microsoft CVE
added 2025/07/11 7:0 a.m. · 4 views

GNU elfutils eu-readelf libdw_alloc.c __libdw_thread_tail memory corruption

...

CVSS 7.5 · AI score 7 · EPSS 0.00614
Exploits 1

NVD
added 2025/07/09 11:15 a.m. · 5 views

CVE-2025-38261

In the Linux kernel, the following vulnerability has been resolved: riscv: save the SR_SUM status over switches. When threads/tasks are switched we need to ensure the old execution's SR_SUM state is saved and the new thread has the old SR_SUM state restored. The issue was seen under heavy load...

CVSS 5.5 · EPSS 0.00132
Exploits 0 · References 2

Cvelist
added 2025/07/09 10:42 a.m. · 6 views

CVE-2025-38261 riscv: save the SR_SUM status over switches

In the Linux kernel, the following vulnerability has been resolved: riscv: save the SR_SUM status over switches. When threads/tasks are switched we need to ensure the old execution's SR_SUM state is saved and the new thread has the old SR_SUM state restored. The issue was seen under heavy load...

EPSS 0.00132
Exploits 0 · References 2

Snyk
added 2025/07/04 3:42 p.m. · 4 views

Compiler Optimization Removal or Modification of Security-critical Code

Overview: Affected versions of this package are vulnerable to Compiler Optimization Removal or Modification of Security-critical Code due to a race condition in AESNI detection when certain compiler optimizations are applied. An attacker can extract sensitive cryptographic keys or perform...

CVSS 7.8 · AI score 7.2 · EPSS 0.00189
Exploits 1 · References 2

Veracode
added 2025/07/04 3:26 a.m. · 4 views

Denial Of Service (DoS)

github.com/apache/trafficcontrol is vulnerable to Denial of Service (DoS). The vulnerability is due to TCP connections on the DNS port remaining in the ESTABLISHED state indefinitely, which allows an attacker to exhaust the thread pool handling DNS requests and prevent the service from processing...

CVSS 7.5 · AI score 7.3 · EPSS 0.048
Exploits 0 · References 14 · Affected Software 1

SUSE CVE
added 2025/07/03 11:23 p.m. · 7 views

SUSE CVE-2025-38100

In the Linux kernel, the following vulnerability has been resolved: x86/iopl: Cure TIF_IO_BITMAP inconsistencies. io_bitmap_exit() is invoked from exit_thread() when a task exists or when a fork fails. In the latter case the exit_thread() cleans up resources which were allocated during fork. io_bitmap_exit()...

CVSS 4.4 · AI score 7.8 · EPSS 0.00172
Exploits 0 · References 16

SUSE CVE
added 2025/07/03 11:23 p.m. · 4 views

SUSE CVE-2025-38106

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo(). syzbot reports: BUG: KASAN: slab-use-after-free in getrusage+0x1109/0x1a60 Read of size 8 at addr ffff88810de2d2c8 by task a.out/304 CPU: 0 UID: 0 PID: 304 Comm: a.out...

CVSS 6.8 · AI score 6.5 · EPSS 0.00159
Exploits 0 · References 15

SUSE CVE
added 2025/07/03 11:22 p.m. · 1 views

SUSE CVE-2025-38154

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Avoid using sk_socket after free when sending. The sk->sk_socket is not locked or referenced in backlog thread, and during the call to skb_send_sock(), there is a race condition with the release of sk_socket. All types of...

CVSS 5.8 · AI score 6.5 · EPSS 0.00154
Exploits 0 · References 23

OSV
added 2025/07/03 9:15 a.m. · 3 views

DEBIAN-CVE-2025-38154

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Avoid using sk_socket after free when sending. The sk->sk_socket is not locked or referenced in backlog thread, and during the call to skb_send_sock(), there is a race condition with the release of sk_socket. All types of...

CVSS 7.8 · AI score 5.8 · EPSS 0.00154
Exploits 0 · References 1