Tune into XBOX Games Showcase June 7

On June 7, the annual XBOX Games Showcase returns, offering a look at what’s next from XBOX and its partners.

This year marks 25 years of XBOX, and this Showcase is poised to be a true celebration, offering world premieres, new gameplay, fresh upd

The post Tune into XBOX Games Showcase June 7 appeared first on Windows Blog.

The post Tune into XBOX Games Showcase June 7 appeared first on Windows Experience Blog.


Introducing Surface Laptop Ultra: Made for world makers

The world is full of makers. Only a few make the world.

Surface Laptop Ultra is for them.

For those building the systems, the breakthroughs and the infrastructure the world runs on and gets changed by. The ones who see limits as flaws and have the

The post Introducing Surface Laptop Ultra: Made for world makers appeared first on Microsoft Devices Blog.

The post Introducing Surface Laptop Ultra: Made for world makers appeared first on Windows Blog.


CVE-2025-23167

A flaw in Node.js 20’s HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests.

The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination.

Impact:
* This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.


CVE-2024-36137

A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the `--allow-fs-write` flag is used.

The Node.js Permission Model does not operate on file descriptors; however, operations such as `fs.fchown` or `fs.fchmod` can use a “read-only” file descriptor to change the owner and permissions of a file.


CVE-2024-22018

A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the `--allow-fs-read` flag is used.

This flaw arises from an inadequate permission model that fails to restrict file stats through the `fs.lstat` API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to.

This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.

Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
