EUVD-2026-31685

Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding. The SOCKS5 transport in src/hackneysocks5.erl correctly applies the caller-supplied timeout to the SOCKS5 negotiation phase, but then upgrades the connection to TLS using the two-argument form ssl:connect/2, which...

EEF-CVE-2026-47071 SOCKS5 TLS upgrade ignores caller timeout in hackney

Summary Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding. The SOCKS5 transport in src/hackneysocks5.erl correctly applies the caller-supplied timeout to the SOCKS5 negotiation phase, but then upgrades the connection to TLS using the two-argument form ssl:connect/...

CVE-2026-47071 SOCKS5 TLS upgrade ignores caller timeout in hackney

Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding. The SOCKS5 transport in src/hackneysocks5.erl correctly applies the caller-supplied timeout to the SOCKS5 negotiation phase, but then upgrades the connection to TLS using the two-argument form ssl:connect/2, which...

CVE-2024-29068 snapd non-regular file indefinite blocking read

In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. The snap format is a squashfs file-system image and so can contain files that are non-regular files such as pipes or sockets etc. Various file entries within the snap squashfs image such as icons...

CVE-2024-35197

gitoxide is a pure Rust implementation of Git. On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the...

CVE-2024-35197

gitoxide is a pure Rust implementation of Git. On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the...

CVE-2024-35197

CVE-2024-35197 affects the gitoxide project (gitoxide-core) and related advisories, describing a Windows-specific issue where fetching refs or checking out paths that collide with legacy device names can cause reads from devices or writes to devices. This can lead to indefinite blocking or the pr...

SUSE CVE-2024-35197

gitoxide is a pure Rust implementation of Git. On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the...

PT-2023-27936 · Calico · Calico Typha +1

Name of the Vulnerable Software and Affected Versions: Calico Typha versions 3.26.2 and below Calico Typha version 3.25.1 Calico Enterprise Typha versions 3.17.1 and below Calico Enterprise Typha version 3.16.3 Calico Enterprise Typha version 3.15.3 Description: The issue arises when a client TLS...

PT-2023-26485 · Unknown · Dietpi-Dashboard

Name of the Vulnerable Software and Affected Versions: DietPi-Dashboard version 0.6.1 Description: The DietPi-Dashboard has a limitation where it only allows one TLS handshake to be in process at a given moment. Once a TCP connection is established in HTTPS mode, it will wait indefinitely for a...

Medium: libvirt

Issue Overview: A flaw was found in the way the libvirtd daemon issued the 'suspend' command to a QEMU guest-agent running inside a guest, where it holds a monitor job while issuing the 'suspend' command to a guest-agent. A malicious guest-agent may use this flaw to block the libvirt daemon...