93 matches found
PT-2025-7260 · Git +1 · Wavpack
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash caused by the use of an uninitialized value. The crash occurs in the following functions: get word, unpack samples, and...
PT-2025-7261 · Git +1 · Wavpack
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue is related to a crash type of Object-size. The crash state involves the functions unpack dsd samples and unpack samples worker thread. No information is available about the...
RLSA-2025:1443 Important: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: Node.js Worker Thread Exposure via Diagnostics Channel CVE-2025-23083...
Important: Red Hat Security Advisory: nodejs:20 security update
An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RHEL 8 : nodejs:20 (RHSA-2025:1351)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:1351 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
ALSA-2025:1351 Important: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: Node.js Worker Thread Exposure via Diagnostics Channel CVE-2025-23083...
Important: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: Node.js Worker Thread Exposure via Diagnostics Channel CVE-2025-23083...
BIT-NODE-2025-23083
With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...
BIT-NODE-MIN-2025-23083
With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...
BIT-NODE-2025-23090
Rejected reason: This CVE record has been withdrawn due to a duplicate entry CVE-2025-23083...
CVE-2025-23090
...
CVE-2025-23083
With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...
CVE-2025-23083
CVE-2025-23083 affects Node.js v20/v22/v23 (with the diagnostics_channel utility) by allowing an attacker to hook into worker thread creation and access internal worker instances, including constructor retrieval, enabling malicious reuse. This is a local-access issue with high impact on confident...
CVE-2025-23083
With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...
Node.js 安全漏洞
Node.js is an open source, cross-platform JavaScript runtime environment from the Node.js open source. A security vulnerability exists in Node.js versions 20, 22, and 23 that stems from the diagnosticschannel tool that can hook a worker thread to create an event, allowing an attacker to obtain an...
waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request
A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recvbytes, which defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default, Waitress won't read any more requests, and when th...
waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request
A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recvbytes, which defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default, Waitress won't read any more requests, and when th...
waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request
A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recvbytes, which defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default, Waitress won't read any more requests, and when th...
CVE-2024-43900 media: xc2028: avoid use-after-free in load_firmware_cb()
In the Linux kernel, the following vulnerability has been resolved: media: xc2028: avoid use-after-free in loadfirmwarecb syzkaller reported use-after-free in loadfirmwarecb 1. The reason is because the module allocated a struct tuner in tunerprobe, and then the module initialization failed, the...
CVE-2023-52903 io_uring: lock overflowing for IOPOLL
In the Linux kernel, the following vulnerability has been resolved: iouring: lock overflowing for IOPOLL syzbot reports an issue with overflow filling for IOPOLL: WARNING: CPU: 0 PID: 28 at iouring/iouring.c:734 iocqringeventoverflow+0x1c0/0x230 iouring/iouring.c:734 CPU: 0 PID: 28 Comm:...