CVE-2026-43429

In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: Use usbbulkmsgkillable with user-specified timeouts The usbtmc driver accepts timeout values specified by the user in an ioctl command, and uses these timeouts for some usbbulkmsg calls. Since the user can specify...

Snappier has an infinite loop during SnappyStream decompression with malformed framed input

Summary Snappier.SnappyStream enters an uncatchable infinite loop when decompressing a malformed framed-format Snappy stream as small as 15 bytes. Details The hang manifests as a userspace busy loop with SnappyStreamDecompressor.Decompress repeatedly calling Crc32CAlgorithm.Append. The exact...

EUVD-2020-6619

Malware in sbrugna...

EUVD-2022-1852

Malicious code in bioql PyPI...

CVE-2022-50193

CVE-2022-50193 concerns Linux kernel erofs: wake up all waiters after z_erofs_lzma_head is ready. The issue can cause the decompression thread to hang when mounting erofs a second time due to a sequence where Task A loads lzma config and fills z_erofs_lzma_head after Task B has already slept wait...

PT-2025-26119 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, related to the erofs filesystem. The issue occurs when the user mounts the erofs filesystem for the second time, which may cause...

CVE-2005-4750

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier allow remote attackers to cause a denial of service server thread hang via unknown attack vectors...

fugit 安全漏洞

fugit is a floraison open source time tool for Ruby, rufus-scheduler and flor. A security vulnerability exists in versions of fugit prior to 1.11.1, which stems from improper user input length checking, and may result in a thread being occupied for an extended period of time without being able to...

AZL-67761 CVE-2024-35971 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Handle softirqs at the end of IRQ thread to fix hang The ks8851irq thread may call ks8851rxpkts in case there are any packets in the MAC FIFO, which calls netifrx. This netifrx implementation is guarded by...

jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client

A flaw was found in jboss-remoting. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code,...

jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client

A flaw was found in jboss-remoting. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code,...

CVE-2020-14483

A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110 and Niagara Enterprise Security Versions 2.4.31, 2.4.45, 4.8.0.35 to corre...

CVE-2020-14483

CVE-2020-14483 describes a timeout during a TLS handshake that can prevent termination of the connection, causing a Niagara thread hang and necessitating a manual restart. Affected products are Tridium Niagara and Niagara Enterprise Security, specifically: Niagara 4.6.96.28, 4.7.109.20, 4.7.110.3...

Memory corruption

Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server WAS 6.1.0.7 and earlier allows remote attackers to cause a denial of service related to a thread hang, and possibly related to a "TCP issue," or to MPAlarmThread and a resultant memory leak...

CVE-2005-4750

CVE-2005-4750 affects BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier. It allows remote attackers to cause a denial of service (server thread hang) via unknown attack vectors. The provided documents do not include concrete exploit details...