SUSE CVE-2025-27421

Abacus is a highly scalable and stateless counting API. A critical goroutine leak vulnerability has been identified in the Abacus server's Server-Sent Events SSE implementation. The issue occurs when clients disconnect from the /stream endpoint, as the server fails to properly clean up resources...

PocketMine-MP allows malicious client data to waste server resources due to lack of limits for explode()

Impact Due to lack of limits by default in the explode function, malicious clients were able to abuse some packets to waste server CPU and memory. This is similar to a previous security issue published in https://github.com/pmmp/PocketMine-MP/security/advisories/GHSA-gj94-v4p9-w672, but with a...

Unexpected memory consumption during token parsing in golang.org/x/oauth2

...

CVE-2025-27421

Abacus is a highly scalable and stateless counting API. A critical goroutine leak vulnerability has been identified in the Abacus server's Server-Sent Events SSE implementation. The issue occurs when clients disconnect from the /stream endpoint, as the server fails to properly clean up resources...

Linux Distros Unpatched Vulnerability : CVE-2024-47874

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Starlette is an Asynchronous Server Gateway Interface ASGI framework/toolkit. Prior to version 0.40.0, Starlette treats multipart/form-data parts without a...

Linux Distros Unpatched Vulnerability : CVE-2024-32663

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount ...

Linux Distros Unpatched Vulnerability : CVE-2019-14235

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uritoiri...

Linux Distros Unpatched Vulnerability : CVE-2015-8978

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Soap Lite aka the SOAP::Lite extension for Perl 1.14 and earlier, an example attack consists of defining 10 or more XML entities, each defined as consisting ...

CVE-2025-27421

Abacus is a highly scalable and stateless counting API. A critical goroutine leak vulnerability has been identified in the Abacus server's Server-Sent Events SSE implementation. The issue occurs when clients disconnect from the /stream endpoint, as the server fails to properly clean up resources...

CVE-2025-27421 Goroutine Leak in Abacus SSE Implementation

Abacus is a highly scalable and stateless counting API. A critical goroutine leak vulnerability has been identified in the Abacus server's Server-Sent Events SSE implementation. The issue occurs when clients disconnect from the /stream endpoint, as the server fails to properly clean up resources...

CVE-2025-27421 Goroutine Leak in Abacus SSE Implementation

Abacus is a highly scalable and stateless counting API. A critical goroutine leak vulnerability has been identified in the Abacus server's Server-Sent Events SSE implementation. The issue occurs when clients disconnect from the /stream endpoint, as the server fails to properly clean up resources...

CVE-2025-27421

CVE-2025-27421 describes a goroutine leak in Abacus SSE: when clients disconnect from /stream, the server fails to clean up resources and terminate goroutines, causing resource exhaustion and eventual inability to accept new SSE connections with high memory usage. The fixed version is Abacus v1.4...

Security update for skopeo

This update for skopeo fixes the following issues: CVE-2025-27144: excessive memory consumption by Go JOSE when parsing compact JWS or JWE input containing a large number of '.' characters bsc1237613. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods li...

Advisory ROSA-SA-2025-2751

Software: libxml2 2.9.7 OS: ROSA Virtualization 2.1 packageevrstring: libxml2-2.9.7-18.rv3.2 CVE-ID: CVE-2023-39615 BDU-ID: 2023-05968 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlsax2startelement function of the libxml2 library is caused by a buffer overflow. Exploitation of the...

SUSE CVE-2022-49052

In the Linux kernel, the following vulnerability has been resolved: mm: fix unexpected zeroed page mapping with zram swap Two processes under CLONEVM cloning, user process can be corrupted by seeing zeroed page unexpectedly. CPU A CPU B doswappage doswappage SWPSYNCHRONOUSIO path SWPSYNCHRONOUSIO...

AZL-57362 CVE-2025-22869 affecting package docker-buildx for versions less than 0.14.0-4

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...

AZL-57407 CVE-2025-22868 affecting package cert-manager for versions less than 1.11.2-20

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing...

Erlang/OTP 安全漏洞

Erlang/OTP is an Erlang/OTP open source library written in JavaScript that handles handling exceptions. The library can catch exceptions raised by the node.js built-in API. A security vulnerability exists in Erlang/OTP that stems from not properly validating SFTP packet sizes, which can result in...

Advisory ROSA-SA-2025-2692

Software: gnutls 3.6.16 OS: ROSA Virtualization 3.0 packageevrstring: gnutls-3.6.16-8 CVE-ID: CVE-2021-20231 BDU-ID: 2022-00206 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the keyshare extension of the GnuTLS transport layer security library is related to memory usage after it has been freed...

Advisory ROSA-SA-2025-2689

Software: scipy 1.0.0 OS: ROSA Virtualization 3.0 packageevrstring: scipy-1.0.0-21.0.2 CVE-ID: CVE-2023-29824 BDU-ID: 2024-07432 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the PyFindObjects function of the PyFindObjects library for the open source Python programming language scipy is relat...