106 matches found
EUVD-2025-7127
Malicious code in bioql PyPI...
ROS-20250825-04
A vulnerability in ASGI Starlette toolkit for creating asynchronous Python web services is related to blocking the main thread for transferring a file to disk. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
CVE-2025-53948
The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application would require a manual restart and no authentication is required...
CVE-2025-53948
CVE-2025-53948 pertains to the Sante PACS Server, where a remote attacker can crash the main thread by sending a crafted HL7 message, resulting in a denial-of-service condition. The vulnerability enables unauthenticated remote impact and requires a manual restart to restore service. Multiple sour...
CVE-2025-53948 Santesoft Sante PACS Server Double Free
The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application would require a manual restart and no authentication is required...
CVE-2025-54121
Starlette is a lightweight ASGI Asynchronous Server Gateway Interface framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files greater than the default max spool size starlette will block the main thread t...
CVE-2025-54121
CVE-2025-54121 affects Starlette (Python, ASGI). In versions 0.47.1 and older, multipart form parsing of large files can cause the main event loop to stall while rolling the file to disk, because UploadFile incorrectly checks file-in-memory status and whether additional bytes trigger a rollover. ...
CVE-2025-54121 Starlette has possible denial-of-service vector when parsing large files in multipart forms
Starlette is a lightweight ASGI Asynchronous Server Gateway Interface framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files greater than the default max spool size starlette will block the main thread t...
Starlette has possible denial-of-service vector when parsing large files in multipart forms
Summary When parsing a multi-part form with large files greater than the default max spool size starlette will block the main thread to roll the file over to disk. This blocks the event thread which means we can't accept new connections. Details Please see this discussion for details:...
CVE-2024-10110
In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. This results in a denial of service as the tracking server becomes unable to respond to other requests...
Aim Vulnerable to Denial of Service (DoS)
In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. This results in a denial of service as the tracking server becomes unable to respond to other requests...
Denial of Service (DoS)
Overview aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to Denial of Service DoS due to the ScheduledStatusReporter object being instantiated to run on the main thread of the tracking server. An attacker can block the main...
CVE-2024-10110
In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. This results in a denial of service as the tracking server becomes unable to respond to other requests...
CVE-2024-10110
In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. This results in a denial of service as the tracking server becomes unable to respond to other requests...
CVE-2024-10110 Denial of Service in aimhubio/aim
In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. This results in a denial of service as the tracking server becomes unable to respond to other requests...
CVE-2024-10110 Denial of Service in aimhubio/aim
In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. This results in a denial of service as the tracking server becomes unable to respond to other requests...
CVE-2024-10110
The CVE-2024-10110 issue affects aimhubio/aim (version 3.23.0) where the ScheduledStatusReporter can be instantiated to run on the tracking server’s main thread, blocking it and causing DoS by making the server unresponsive to other requests. Multiple connected sources corroborate the description...
path-to-regexp: Backtracking regular expressions cause ReDoS
A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, po...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a mass storage function attempting to queue requests from the main thread, but other threads may have disabl...
CVE-2024-28243
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \edef that causes a near-infinite loop, despite setting maxExpand to avoid such loops. This can be used as an availability attack, where...