4527 matches found

Vulnrichment
added 2024/12/16 5:0 p.m. · 16 views

CVE-2024-11144 Race Condition with LightFTP

The server lacks thread safety and can be crashed by anomalous data sent by an anonymous user from a remote network. The crash causes the FTP service to become unavailable, affecting all users and processes that rely on it for file transfers. If the crash occurs during file upload or download, it...

CVSS 9.2 · AI score 7.3 · EPSS 0.00326
Exploits: 0 · References: 1
Cvelist
added 2024/12/16 5:0 p.m. · 16 views

CVE-2024-11144 Race Condition with LightFTP

The server lacks thread safety and can be crashed by anomalous data sent by an anonymous user from a remote network. The crash causes the FTP service to become unavailable, affecting all users and processes that rely on it for file transfers. If the crash occurs during file upload or download, it...

CVSS 9.2 · EPSS 0.00326
Exploits: 0 · References: 1
CNNVD
added 2024/12/16 12:0 a.m. · 2 views

LightFTP Security Vulnerability

LightFTP is a lightweight FTP service by hfiref0x individual developers. A security vulnerability exists in LightFTP version 2.3, which stems from a lack of thread security on the server and can be caused to crash by anomalous data sent by an anonymous user from a remote network...

CVSS 9.2 · AI score 6.8 · EPSS 0.00326
Exploits: 0 · References: 1
Huntr
added 2024/12/14 4:48 a.m. · 5 views

Denial of Service(DOS) in LangChainLLM due to missing exception handler.

Summary: The stream_complete method of the LangChainLLM class executes the llm using a thread and retrieves the result of the llm via the get_response_gen method of the StreamingGeneratorCallbackHandler class. During this process, get_response_gen recursively detects the on_llm_error and on_llm_end events...

CVSS 7.5 · AI score 7.7 · EPSS 0.00761
Exploits: 1
Positive Technologies
added 2024/12/13 12:0 a.m. · 2 views

PT-2025-3335

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A race condition exists between reference pointers in the Linux kernel's ethernet oa_tc6 module. This issue arises from the management of two skb pointers: waiting_tx_skb and ongoing_tx...

CVSS 4.7 · AI score 6.6 · EPSS 0.00126
Exploits: 0 · References: 23
Tenable Nessus
added 2024/12/13 12:0 a.m. · 14 views

CBL Mariner 2.0 Security Update: kernel (CVE-2024-49866)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49866 advisory. - In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Fix a race during cpuh...

CVSS 4.7 · AI score 5.8 · EPSS 0.00172
Exploits: 0 · References: 2
RedHat Linux
added 2024/12/12 8:0 p.m. · 3 views

org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks

A flaw was found in Jetty's ThreadLimitHandler.getRemote. This flaw allows unauthorized users to cause remote denial of service (DoS) attacks. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory...

CVSS 6.5 · AI score 5.8 · EPSS 0.01037
Exploits: 0 · References: 7
Veracode
added 2024/12/09 7:18 a.m. · 5 views

HTTP Request Smuggling

Keycloak Server is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper handling of proxy headers, allowing attackers to exploit non-IP values, leading to costly DNS resolution operations that can overload IO threads...

CVSS 4.7 · AI score 7.1 · EPSS 0.00399
Exploits: 0 · References: 9 · Affected Software: 3
CNNVD
added 2024/12/06 12:0 a.m. · 2 views

Nav2 Security Vulnerability

Nav2 is the ROS community's navigation framework and system for ROS2. A security vulnerability exists in Nav2 that stems from the inclusion of an unsafe privilege vulnerability. An attacker exploiting this vulnerability could execute arbitrary code to executorthread via a carefully crafted script...

CVSS 9.8 · AI score 7.5 · EPSS 0.00677
Exploits: 1 · References: 3
Positive Technologies
added 2024/12/05 12:0 a.m. · 5 views

PT-2024-23694 · Open Robotics · Ros2 +1

Name of the Vulnerable Software and Affected Versions: Open Robotics Robotic Operating System 2 ROS2 navigation2- ROS2-humble and navigation 2-humble. Description: The issue allows a local attacker to execute arbitrary code via the initial_pose_sub thread created by nav2_bt_navigator. This is due ...

CVSS 7.8 · AI score 7.7 · EPSS 0.00226
Exploits: 0 · References: 8
Github Security Blog
added 2024/12/04 6:37 p.m. · 9 views

op_panic in the base runtime can force a panic in the runtime's containing thread

Affected versions use deno_core releases that expose Deno.core.ops.op_panic to the JS runtime in the base core. This function, when called, triggers a manual panic in the thread containing the runtime. It can be fixed by stubbing out the exposed op: javascript Deno.core.ops.op_panic = msg = throw new...

AI score 7
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2024/12/04 6:37 p.m. · 4 views

GHSA-FWFX-RRV8-CRPF op_panic in the base runtime can force a panic in the runtime's containing thread

Affected versions use deno_core releases that expose Deno.core.ops.op_panic to the JS runtime in the base core. This function, when called, triggers a manual panic in the thread containing the runtime. It can be fixed by stubbing out the exposed op: javascript Deno.core.ops.op_panic = msg = throw new...

AI score 7
Exploits: 0 · References: 3
OSV
added 2024/12/04 6:36 p.m. · 0 views

GHSA-4MW5-2636-4535 op_panic in the base runtime can force a panic in the runtime's containing thread

Affected versions use deno_core releases that expose Deno.core.ops.op_panic to the JS runtime in the base core. This function, when called, triggers a manual panic in the thread containing the runtime, breaking sandboxing. It can be fixed by stubbing out the exposed op: javascript Deno.core.ops.op_panic...

AI score 5.9
Exploits: 0 · References: 3
CNVD
added 2024/12/04 12:0 a.m. · 8 views

Mozilla Firefox and Thunderbird Unauthorized Access Vulnerability

Mozilla Firefox is an open source web browser. Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. Mozilla Firefox and Thunderbird have an unauthorized access vulnerability that is caused by a missing thread synchronization primitive. An attacker cou...

CVSS 6.5 · AI score 6.4 · EPSS 0.00337
Exploits: 0 · References: 1
RedHat Linux
added 2024/12/03 4:20 p.m. · 0 views

path-to-regexp: Backtracking regular expressions cause ReDoS

A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, po...

CVSS 7.5 · AI score 6.8 · EPSS 0.00932
Exploits: 0 · References: 7
SUSE CVE
added 2024/12/03 12:31 a.m. · 3 views

SUSE CVE-2024-36615

FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread...

CVSS 6.5 · AI score 6.8 · EPSS 0.00436
Exploits: 0 · References: 4
Cvelist
added 2024/12/02 3:57 p.m. · 15 views

CVE-2024-53981 python-multipart has a Denial of service (DoS) via deformation `multipart/form-data` boundary

python-multipart is a streaming multipart parser for Python. When parsing form data, python-multipart skips line breaks (CR `\r` or LF `\n`) in front of the first boundary and any trailing bytes after the last boundary. This happens one byte at a time and emits a log event each time, which may cause...

CVSS 7.5 · EPSS 0.00644
Exploits: 0 · References: 2
Packet Storm
added 2024/12/02 12:0 a.m. · 234 views

ABB Cylon Aspect 3.08.01 diagLateThread.php Information Disclosure

ABB Cylon Aspect 3.08.01 diagLateThread.php Information Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy management...

AI score 7.4
Exploits: 0
NVD
added 2024/11/29 7:15 p.m. · 27 views

CVE-2024-36615

FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread...

CVSS 5.9 · EPSS 0.00436
Exploits: 0 · References: 3
OSV
added 2024/11/29 7:15 p.m. · 3 views

DEBIAN-CVE-2024-36615

FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread...

CVSS 5.9 · AI score 6.1 · EPSS 0.00436
Exploits: 0 · References: 1