34 matches found
SUSE CVE-2025-11375
Consul and Consul Enterprise's “Consul” event endpoint is vulnerable to denial of service (DoS) due to lack of maximum value on the Content Length header. This vulnerability, CVE-2025-11375, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12...
AZL-77985 CVE-2026-27171 affecting package blosc 1.21.6-1
zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition...
Consul event endpoint is vulnerable to denial of service
Consul and Consul Enterprise’s “Consul” event endpoint is vulnerable to denial of service (DoS) due to lack of maximum value on the Content Length header. This vulnerability, CVE-2025-11375, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12...
CVE-2025-11374
Consul and Consul Enterprise’s “Consul” key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12...
CVE-2025-11375
CVE-2025-11375 affects HashiCorp Consul and Consul Enterprise. The issue is a DoS vulnerability in the event endpoint caused by lack of a maximum value on the Content-Length header. Affected versions include Consul Community Edition up to 1.21.5 and Consul Enterprise up to 1.21.5, with fixes in C...
Temporal Server Denial of Service
Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left unchecked, the task containing the invalid...
GHSA-WMXC-V39R-P9WF Temporal Server Denial of Service
Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left unchecked, the task containing the invalid...
CVE-2024-2689
Summary: CVE-2024-2689 is a Temporal Server DoS affecting versions 1.20.5, 1.21.6 and 1.22.7 where an authenticated user with workflow permissions can submit an invalid UTF-8 string to trigger a crashloop, causing queue lag and eventual resource exhaustion. The logs may reveal the failing workflo...
AZL-37462 CVE-2023-45289 affecting package golang for versions less than 1.21.6-1
When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a...
AZL-37504 CVE-2023-45290 affecting package golang for versions less than 1.21.6-1
When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a...
CVE-2023-39325 affecting package golang for versions less than 1.21.6-1
CVE-2023-39325 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2023-24536 affecting package golang for versions less than 1.21.6-1
CVE-2023-24536 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2023-44487 affecting package golang for versions less than 1.21.6-1
CVE-2023-44487 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2023-24538 affecting package golang for versions less than 1.21.6-1
CVE-2023-24538 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2022-2880 affecting package golang for versions less than 1.21.6-1
CVE-2022-2880 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2023-45290 affecting package golang for versions less than 1.21.6-1
CVE-2023-45290 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2023-29405 affecting package golang for versions less than 1.21.6-1
CVE-2023-29405 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2023-39325 affecting package golang for versions less than 1.21.6-1
CVE-2023-39325 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2022-41722 affecting package golang for versions less than 1.21.6-1
CVE-2022-41722 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2022-41715 affecting package golang for versions less than 1.21.6-1
CVE-2022-41715 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...