4499 matches found

OSV
added 2026/01/08 10:15 a.m. | 3 views

AZL-73736 CVE-2025-14017 affecting package cmake for versions less than 3.30.3-11

When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally...

CVSS 6.3 | AI score 6.1 | EPSS 0.00003
Exploits: 0 | References: 1
OSV
added 2026/01/08 10:15 a.m. | 0 views

UBUNTU-CVE-2025-14017

When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally...

CVSS 6.3 | AI score 6.1 | EPSS 0.00003
Exploits: 0 | References: 5
Cvelist
added 2026/01/08 10:7 a.m. | 25 views

CVE-2025-14017 broken TLS options for threaded LDAPS

When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally...

EPSS 0.00003
Exploits: 0 | References: 2
Vulnrichment
added 2026/01/08 10:7 a.m. | 2 views

CVE-2025-14017 broken TLS options for threaded LDAPS

When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally...

AI score 6.5 | EPSS 0.00003
Exploits: 0 | References: 2
AlpineLinux
added 2026/01/08 10:7 a.m. | 4 views

CVE-2025-14017

When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally...

CVSS 6.3 | AI score 6.7 | EPSS 0.00003
Exploits: 0 | References: 3
CVE
added 2026/01/08 10:7 a.m. | 37 views

CVE-2025-14017

CVE-2025-14017 (libcurl/curl): In multi-threaded LDAPS transfers, changing TLS options in one thread can change them globally, impacting other concurrently configured transfers. This cross-thread side effect may also cause a per-transfer certificate verification setting to inadvertently disable featu...

CVSS 6.3 | AI score 6.3 | EPSS 0.00003
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2026/01/07 6:15 p.m. | 4 views

CVE-2025-66560

Quarkus is a Cloud Native, Linux Container First framework for writing Java applications. Prior to versions 3.31.0, 3.27.2, and 3.20.5, a vulnerability exists in the HTTP layer of Quarkus REST related to response handling. When a response is being written, the framework waits for previously writt...

CVSS 7.5 | EPSS 0.00012
Exploits: 0 | References: 1
Github Security Blog
added 2026/01/07 6:9 p.m. | 11 views

Quarkus REST has potential worker thread starvation when HTTP connection is closed while waiting to write

A vulnerability exists in the HTTP layer of Quarkus REST related to response handling. When a response is being written, the framework waits for previously written response chunks to be fully transmitted before proceeding. If the client connection is dropped during this waiting period, the...

CVSS 7.5 | AI score 6.8 | EPSS 0.00012
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2026/01/07 6:9 p.m. | 2 views

GHSA-5RFX-CP42-P624 Quarkus REST has potential worker thread starvation when HTTP connection is closed while waiting to write

A vulnerability exists in the HTTP layer of Quarkus REST related to response handling. When a response is being written, the framework waits for previously written response chunks to be fully transmitted before proceeding. If the client connection is dropped during this waiting period, the...

CVSS 5.9 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | References: 3
Snyk
added 2026/01/07 5:47 p.m. | 2 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the indefinite wait state in the HTTP response handling process. An attacker can cause worker threads to become permanently blocked by repeatedly closing HTTP connections while...

CVSS 8.2 | AI score 5.6 | EPSS 0.00012
Exploits: 0 | References: 2
CVE
added 2026/01/07 5:33 p.m. | 10 views

CVE-2025-66560

The CVE-2025-66560 entry describes a Quarkus REST HTTP-layer vulnerability where, during response writing, the framework waits for prior chunks to finish transmission. If the client closes the connection mid-wait, the worker thread is not released and becomes blocked, potentially exhausting worke...

CVSS 7.5 | AI score 6.5 | EPSS 0.00012
Exploits: 0 | References: 1 | Affected Software: 1
EUVD
added 2026/01/07 5:33 p.m. | 3 views

EUVD-2026-1178

Quarkus is a Cloud Native, Linux Container First framework for writing Java applications. Prior to versions 3.31.0, 3.27.2, and 3.20.5, a vulnerability exists in the HTTP layer of Quarkus REST related to response handling. When a response is being written, the framework waits for previously writt...

CVSS 5.9 | AI score 6.3 | EPSS 0.00012
Exploits: 0 | References: 3
OSV
added 2026/01/07 5:33 p.m. | 4 views

CVE-2025-66560 Quarkus REST has potential worker thread starvation when HTTP connection is closed while waiting to write

Quarkus is a Cloud Native, Linux Container First framework for writing Java applications. Prior to versions 3.31.0, 3.27.2, and 3.20.5, a vulnerability exists in the HTTP layer of Quarkus REST related to response handling. When a response is being written, the framework waits for previously writt...

CVSS 5.9 | AI score 6.8 | EPSS 0.00012
Exploits: 0 | References: 3
Vulnrichment
added 2026/01/07 5:33 p.m. | 5 views

CVE-2025-66560 Quarkus REST has potential worker thread starvation when HTTP connection is closed while waiting to write

Quarkus is a Cloud Native, Linux Container First framework for writing Java applications. Prior to versions 3.31.0, 3.27.2, and 3.20.5, a vulnerability exists in the HTTP layer of Quarkus REST related to response handling. When a response is being written, the framework waits for previously writt...

CVSS 5.9 | AI score 6.5 | EPSS 0.00012
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/07 9:18 a.m. | 28 views

CVE-2025-1115

A vulnerability classified as problematic was found in RT-Thread up to 5.1.0. Affected by this vulnerability is the function...

CVSS 5.5 | AI score 6.5 | EPSS 0.00109
Exploits: 1 | References: 1
curl security advisories
added 2026/01/07 8:0 a.m. | 3 views

broken TLS options for threaded LDAPS

When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally...

CVSS 6.3 | AI score 6.2 | EPSS 0.00003
Exploits: 0 | Affected Software: 2
CNNVD
added 2026/01/07 12:0 a.m. | 1 views

Quarkus Security Vulnerability

Quarkus is a cloud-native Linux container-first framework for writing Java applications open-sourced by Quarkus. A security vulnerability exists in Quarkus versions prior to 3.31.0, prior to 3.27.2, and prior to 3.20.5, which stems from improper handling of HTTP tier responses and could lead to...

CVSS 7.5 | AI score 6.4 | EPSS 0.00012
Exploits: 0 | References: 1
Tenable Nessus
added 2026/01/07 12:0 a.m. | 1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000294)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000294 advisory. In binder_thread_read of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no...

CVSS 7.8 | AI score 7.6 | EPSS 0.00189
Exploits: 1 | References: 4
Positive Technologies
added 2026/01/07 12:0 a.m. | 6 views

PT-2026-1858

Name of the Vulnerable Software and Affected Versions: Quarkus versions prior to 3.31.0; Quarkus versions prior to 3.27.2; Quarkus versions prior to 3.20.5. Description: Quarkus is a Cloud Native framework for Java applications. A flaw exists in the HTTP layer related to response handling. When writin...

CVSS 7.5 | AI score 6.4 | EPSS 0.00012
Exploits: 0 | References: 8
Snyk
added 2026/01/01 6:28 a.m. | 4 views

Directory Traversal

Overview: chainlit is a Build Conversational AI. Affected versions of this package are vulnerable to Directory Traversal via the updatethreadelement and deletethreadelement handlers in backend/chainlit/server.py. An authenticated attacker can read arbitrary files from the server by sending a craft...

CVSS 7.1 | AI score 6.5 | EPSS 0.00044
Exploits: 1 | References: 3