EEF-CVE-2026-47071 SOCKS5 TLS upgrade ignores caller timeout in hackney

Summary Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding. The SOCKS5 transport in src/hackneysocks5.erl correctly applies the caller-supplied timeout to the SOCKS5 negotiation phase, but then upgrades the connection to TLS using the two-argument form ssl:connect/...

EUVD-2026-31685

Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding. The SOCKS5 transport in src/hackneysocks5.erl correctly applies the caller-supplied timeout to the SOCKS5 negotiation phase, but then upgrades the connection to TLS using the two-argument form ssl:connect/2, which...

CVE-2026-47071 SOCKS5 TLS upgrade ignores caller timeout in hackney

Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding. The SOCKS5 transport in src/hackneysocks5.erl correctly applies the caller-supplied timeout to the SOCKS5 negotiation phase, but then upgrades the connection to TLS using the two-argument form ssl:connect/2, which...

PT-2026-43109

Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions 1.6.0 through 1.6.15 Roundcube Webmail versions 1.7.0 through 1.7.0 Description The remote image blocking feature can be bypassed using a crafted CSS var value within an e-mail message. This bypass may result in...

Roundcube Webmail 安全漏洞

Roundcube Webmail is a browser-based open source IMAP client from Roundcube that supports address book management, message searching, spell checking, and more. A security vulnerability exists in Roundcube Webmail versions 1.6.14 through 1.6.16 and prior to 1.7.1, which stems from the remote image...

PT-2026-43108

Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions 1.6.14 through 1.6.16 Roundcube Webmail versions prior to 1.7.1 Description Remote image blocking is not honored for URLs pointing to local or private destinations. This issue can be triggered via a text/html email...

CVE-2026-48172

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2/dev/null in Bash. If you get no output,...

CVE-2026-48172

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2/dev/null in Bash. If you get no output,...

freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. The StreamEnsureCapacity function can create an endless blocking loop, leading to a Denial of Service DoS. This vulnerability can be exploited on 32-bit systems where the available physical memory is greater than o...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ksmbd: The warning message “Do not call blocking operations when !TASKRUNNING” has been fixed. The waiteventtimeout function will set the state of the current task to TASKUNINTERRUPTIBLE before performing the condition check. Thi...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: aio: Fixed a use-after-free due to missing POLFREE handling. signalfdpoll and binderpoll are special because they use a waitqueue whose lifetime is the current task, rather than the struct file as is normally the case. This is...

Astra Linux - уязвимость в tomcat9

The simplified implementation of blocking reads and writes introduced in Tomcat 10, and backported to Tomcat 9.0.47 and later versions, exposed a long-standing but extremely difficult to trigger concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60, and...

Astra Linux - уязвимость в linux-astra-modules-5.10, linux-astra-modules-5.15, linux-astra-modules-6.1

The vulnerability of Linux Astra Modules relates to errors during thread blocking. Exploiting this vulnerability allows an attacker to compromise data integrity and also cause service failures through the use of a specially created file system...

Astra Linux - уязвимость в exim4

In versions of Exim up to 4.97.1, Misparse processes multi-line RFC 2231 header filenames. As a result, remote attackers can bypass the protection mechanism that blocks $mimefilename extensions, and potentially deliver executable attachments to the mailboxes of end users...

Astra Linux - уязвимость в thunderbird

It was possible to create an email that included a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird would automatically access the link. The configuration to block remote content did not prevent this behavior. Thunderbird has been updated to no longer allo...

Astra Linux - уязвимость в linux

A vulnerability was discovered in the Linux kernel, where the non-blocking socket operation in llcpsockconnect leads to a leak and ultimately causes the system to hang...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: mmc: vub300: fix warning – do not call blocking ops when !TASKRUNNING vub300enablesdioirq works with a mutex and requires TASKRUNNING. Ensure that we mark the current context as TASKRUNNING for sleepable contexts. 77.554641 Do...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: switchdev: Converting the blocking notification chain to a raw one A blocking notification chain uses a read-write semaphore to protect the integrity of the chain. The semaphore is acquired for writing when adding/removing...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Do not check if plane-state-fb == state-fb Currently, when using non-blocking commits, the following kernel warning is observed: 110.908514 ------------ Cut here ------------ 110.908529 refcountt: Underflow; Use after...

Astra Linux - уязвимость в webkit2gtk

A logic issue has been resolved through improved validation. This issue is fixed in macOS Ventura 13.3. The Content Security Policy may fail when blocking domains that use wildcards...