RT-Thread 访问控制错误漏洞

RT-Thread is an open source IoT real-time operating system RTOS from RT-Thread Open Source. An access control error vulnerability exists in RT-Thread version 5.1.0 and earlier, which stems from improper handling of parameters in the systhreadcreate function, resulting in a risk of local informati...

Vulnerability of the Server: Thread Pooling component of the Oracle MySQL Server database management system, which allows attackers to cause service interruptions.

The vulnerability of the Server:Thread Pooling component of the Oracle MySQL Server database management system is related to the exhaustion of memory resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions through network packets...

CVE-2022-29503

A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to memory corruption. An attacker can create threads to trigger this vulnerability...

CVE-2020-11234

When sending a socket event message to a user application, invalid information will be passed if socket is freed by other thread resulting in a Use After Free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consum...

CVE-2024-33060

Memory corruption when two threads try to map and unmap a single node simultaneously...

CVE-2024-31446

OpenComputers is a Minecraft mod that adds programmable computers and robots to the game. A user can use OpenComputers to get a Computer thread stuck in the Lua VM, which eventually blocks the Server thread, requiring the server to be forcibly shut down. This can be accomplished using any device ...

Hyper-V Resilient Change Tracking Performance Issues

Challenge General Hyper-V OS performance degradation can occur when using a backup solution to export Hyper-V VM snapshots during backup operations. Solution Based on investigations between Veeam and Microsoft, two underlying causes have been identified. Resilient Change Tracking Resilient Change...

Technitium DNS Server 安全漏洞

Technitium DNS Server is an open source authoritative and recursive DNS server from the Technitium team. It can be used to self-host DNS servers for privacy and security. A security vulnerability exists in Technitium DNS Server v13.2.2 and earlier versions that originated from allowing a remote...

PT-2025-20511

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A issue in the Linux kernel has been identified where the task management thread accesses an invalid queue ID, set by the reset thread, which points to unallocated memory, causing a cras...

CVE-2025-21673 smb: client: fix double free of TCP_Server_Info::hostname

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double free of TCPServerInfo::hostname When shutting down the server in cifsputtcpsession, cifsd thread might be reconnecting to multiple DFS targets before it realizes it should exit the loop, so @server-hostnam...

SUSE-SU-2025:0279-1 Security update for java-21-openjdk

This update for java-21-openjdk fixes the following issues: Upgrade to upstream tag jdk-21.0.6+7 January 2025 CPU Security fixes: - CVE-2025-21502: Enhance array handling JDK-8330045, bsc1236278 Other changes: - JDK-6942632: Hotspot should be able to use more than 64 logical processors on Windows...

PT-2025-5665 · Git +1 · Opencv

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A crash has been reported with an UNKNOWN READ crash type. The crash state involves several functions, including cv::PngDecoder::compose frame,...

The vulnerability of the Linux operating system’s kernel, related to errors in thread locking, allows a hacker to trigger a service failure.

The vulnerability of the Linux operating system’s kernel is related to errors during thread blocking. Exploiting this vulnerability can allow an attacker to cause a service failure...

BIT-NODE-2025-23083

With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...

BIT-NODE-MIN-2025-23083

With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...

BIT-NODE-2025-23090

Rejected reason: This CVE record has been withdrawn due to a duplicate entry CVE-2025-23083...

CVE-2025-23090

...

CVE-2025-23083

With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...

CVE-2025-23083

CVE-2025-23083 affects Node.js v20/v22/v23 (with the diagnostics_channel utility) by allowing an attacker to hook into worker thread creation and access internal worker instances, including constructor retrieval, enabling malicious reuse. This is a local-access issue with high impact on confident...

CVE-2025-23083

With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...