Lucene search
K

93 matches found

Positive Technologies
Positive Technologies
added 2025/02/15 12:0 a.m.3 views

PT-2025-7260 · Git +1 · Wavpack

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash caused by the use of an uninitialized value. The crash occurs in the following functions: get word, unpack samples, and...

6.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/02/15 12:0 a.m.3 views

PT-2025-7261 · Git +1 · Wavpack

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue is related to a crash type of Object-size. The crash state involves the functions unpack dsd samples and unpack samples worker thread. No information is available about the...

6.9AI score
Exploits0References2
OSV
OSV
added 2025/02/13 8:35 p.m.17 views

RLSA-2025:1443 Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: Node.js Worker Thread Exposure via Diagnostics Channel CVE-2025-23083...

7.7CVSS6.3AI score0.01327EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/02/12 3:32 p.m.17 views

Important: Red Hat Security Advisory: nodejs:20 security update

An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.7CVSS6.7AI score0.01327EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/02/12 12:0 a.m.10 views

RHEL 8 : nodejs:20 (RHSA-2025:1351)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:1351 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

7.7CVSS6.6AI score0.01327EPSS
Exploits0References8
OSV
OSV
added 2025/02/12 12:0 a.m.16 views

ALSA-2025:1351 Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: Node.js Worker Thread Exposure via Diagnostics Channel CVE-2025-23083...

7.7CVSS5.7AI score0.01327EPSS
Exploits0References8
AlmaLinux
AlmaLinux
added 2025/02/12 12:0 a.m.19 views

Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: Node.js Worker Thread Exposure via Diagnostics Channel CVE-2025-23083...

7.7CVSS6.8AI score0.01327EPSS
Exploits0References8
OSV
OSV
added 2025/01/27 7:15 a.m.14 views

BIT-NODE-2025-23083

With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...

7.7CVSS6.8AI score0.00413EPSS
Exploits0References5
OSV
OSV
added 2025/01/27 7:15 a.m.12 views

BIT-NODE-MIN-2025-23083

With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...

7.7CVSS6.8AI score0.00413EPSS
Exploits0References5
OSV
OSV
added 2025/01/27 7:15 a.m.8 views

BIT-NODE-2025-23090

Rejected reason: This CVE record has been withdrawn due to a duplicate entry CVE-2025-23083...

6.6AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/22 1:11 a.m.4 views

CVE-2025-23090

...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2025/01/22 1:11 a.m.23 views

CVE-2025-23083

With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...

7.7CVSS0.00413EPSS
Exploits0References1
CVE
CVE
added 2025/01/22 1:11 a.m.356 views

CVE-2025-23083

CVE-2025-23083 affects Node.js v20/v22/v23 (with the diagnostics_channel utility) by allowing an attacker to hook into worker thread creation and access internal worker instances, including constructor retrieval, enabling malicious reuse. This is a local-access issue with high impact on confident...

7.7CVSS7.5AI score0.00413EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2025/01/22 1:11 a.m.13 views

CVE-2025-23083

With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...

7.7CVSS7.2AI score0.00413EPSS
Exploits0
CNNVD
CNNVD
added 2025/01/22 12:0 a.m.2 views

Node.js 安全漏洞

Node.js is an open source, cross-platform JavaScript runtime environment from the Node.js open source. A security vulnerability exists in Node.js versions 20, 22, and 23 that stems from the diagnosticschannel tool that can hook a worker thread to create an event, allowing an attacker to obtain an...

7.7CVSS6.9AI score0.00413EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/11/20 4:28 a.m.5 views

waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request

A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recvbytes, which defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default, Waitress won't read any more requests, and when th...

9.1CVSS5.8AI score0.00496EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/11/20 12:57 a.m.5 views

waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request

A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recvbytes, which defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default, Waitress won't read any more requests, and when th...

9.1CVSS5.8AI score0.00496EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/11/19 8:51 a.m.6 views

waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request

A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recvbytes, which defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default, Waitress won't read any more requests, and when th...

9.1CVSS5.8AI score0.00496EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/08/26 10:10 a.m.33 views

CVE-2024-43900 media: xc2028: avoid use-after-free in load_firmware_cb()

In the Linux kernel, the following vulnerability has been resolved: media: xc2028: avoid use-after-free in loadfirmwarecb syzkaller reported use-after-free in loadfirmwarecb 1. The reason is because the module allocated a struct tuner in tunerprobe, and then the module initialization failed, the...

0.00214EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/08/21 6:10 a.m.29 views

CVE-2023-52903 io_uring: lock overflowing for IOPOLL

In the Linux kernel, the following vulnerability has been resolved: iouring: lock overflowing for IOPOLL syzbot reports an issue with overflow filling for IOPOLL: WARNING: CPU: 0 PID: 28 at iouring/iouring.c:734 iocqringeventoverflow+0x1c0/0x230 iouring/iouring.c:734 CPU: 0 PID: 28 Comm:...

0.00179EPSS
Exploits0References4
Rows per page
Query Builder