93 matches found
Astra Linux - уязвимость в mariadb-10.3
MariaDB Server before version 10.7 is vulnerable to Denial of Service attacks. In the file extra/mariabackup/dscompress.cc, when an error occurs i.e., transitioning to the err label during the execution of the createworkerthreads method, the held lock thd-ctrlmutex is not released properly. This...
CVE-2026-7307 Keycloak: keycloak: denial of service via specially crafted saml input
A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language SAML endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service DoS where the server becomes...
OSV-2026-728 Stack-buffer-overflow in autoload_external_files
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=512622269 Crash type: Stack-buffer-overflow READ 4 Crash state: autoloadexternalfiles loadexternaloptsthread workerthread...
Astra Linux - уязвимость в node-marked
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression block.def might cause catastrophic backtracking against certain strings, leading to a regular expression denial of service ReDoS attack. Any user who runs untrusted markdown using a vulnerable version of...
CVE-2026-40968
When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions:...
V8 BigInt SharedArrayBuffer Concurrency Synchronization
This JavaScript code is a concurrency demonstration using SharedArrayBuffer, Web Workers, and Atomics to coordinate execution between the main thread and a worker thread...
CVE-2026-40396
A flaw was found in Varnish Cache. A malicious client can exploit a 'workspace overflow' vulnerability by sending an HTTP/1 request, waiting for the session to release its worker thread, and then resuming traffic with multiple requests to trigger a pipelining operation. This can lead to a workspa...
io.quarkus/quarkus-rest: Quarkus REST Worker Thread Exhaustion Vulnerability
A flaw was found in the Quarkus REST HTTP layer. This vulnerability allows remote attackers to cause an application level denial of service by repeatedly dropping client connections while response chunks are being transmitted, leading to worker thread exhaustion...
MiracleLinux 8 : nodejs:22 (AXSA:2025-9681:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9681:01 advisory. undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: Node.js Worker Thread Exposure via Diagnostics Channel CVE-2025-23083 nodejs...
MiracleLinux 8 : nodejs:20 (AXSA:2025-9674:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9674:01 advisory. undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: Node.js Worker Thread Exposure via Diagnostics Channel CVE-2025-23083 nodejs...
Quarkus REST has potential worker thread starvation when HTTP connection is closed while waiting to write
A vulnerability exists in the HTTP layer of Quarkus REST related to response handling. When a response is being written, the framework waits for previously written response chunks to be fully transmitted before proceeding. If the client connection is dropped during this waiting period, the...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the indefinite wait state in the HTTP response handling process. An attacker can cause worker threads to become permanently blocked by repeatedly closing HTTP connections while...
EUVD-2026-1178
Quarkus is a Cloud Native, Linux Container First framework for writing Java applications. Prior to versions 3.31.0, 3.27.2, and 3.20.5, a vulnerability exists in the HTTP layer of Quarkus REST related to response handling. When a response is being written, the framework waits for previously writt...
CVE-2025-66560 Quarkus REST has potential worker thread starvation when HTTP connection is closed while waiting to write
Quarkus is a Cloud Native, Linux Container First framework for writing Java applications. Prior to versions 3.31.0, 3.27.2, and 3.20.5, a vulnerability exists in the HTTP layer of Quarkus REST related to response handling. When a response is being written, the framework waits for previously writt...
CVE-2025-66560 Quarkus REST has potential worker thread starvation when HTTP connection is closed while waiting to write
Quarkus is a Cloud Native, Linux Container First framework for writing Java applications. Prior to versions 3.31.0, 3.27.2, and 3.20.5, a vulnerability exists in the HTTP layer of Quarkus REST related to response handling. When a response is being written, the framework waits for previously writt...
CVE-2025-36934
In bigoworkerthread of private/google-modules/video/gchips/bigo.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2025-202844
In bigoworkerthread of private/google-modules/video/gchips/bigo.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-36934
In bigoworkerthread of private/google-modules/video/gchips/bigo.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-36934
In bigoworkerthread of private/google-modules/video/gchips/bigo.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-36934
CVE-2025-36934 is discussed in connected Google Project Zero posts as a 0-click/exploit chain involving the Dolby Unified Decoder (UDC) on Pixel devices. The vulnerability arises inside EMDF parsing in the UDC, where an attacker-controlled EMDF container can trigger a buffer overrun on the evo he...