CVSS: 5.5 • EPSS: 0% • CPEs: - • EXPL: 0

ReadEXR+0x3df50 of IrfanView v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. This vulnerability can lead to a Denial of Service (DoS). • https://github.com/yuhano/irfanview_Poc • CWE-284: Improper Access Control •

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

Instances of @apollo/query-planner >=2.0.0 and <2.8.5 are impacted by a denial-of-service vulnerability. ... Note that a supergraph can contain a mix of Federation 1 and Federation 2 subgraphs. ... As part of normal operations, the query planner requires and calculates the number of possible query plans for the total query. That is, it needs the product of the number of query plan candidates for each piece of the query. ... If the count of candidates is evaluated as infinity, the component of the query planner responsible for pruning less-than-optimal query plans does not actually prune candidates, causing the query planner to evaluate many orders of magnitude more query plan candidates than necessary. • https://github.com/apollographql/federation/security/advisories/GHSA-fmj9-77q8-g6c4 https://www.apollographql.com/docs/federation/query-plans https://www.apollographql.com/docs/router/configuration/persisted-queries • CWE-674: Uncontrolled Recursion •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Instances of the Apollo Router running versions >=1.21.0 and <1.52.1 are impacted by a denial-of-service vulnerability if _all_ of the following are true: 1. ... Instances of the Apollo Router running versions >=1.7.0 and <1.52.1 are impacted by a denial-of-service vulnerability if all of the following are true: 1. ... This can cause the Router to be out-of-memory (OOM) terminated if a sufficiently large request is sent to the Router. ... If you cannot upgrade, you can mitigate the denial-of-service opportunity impacting External Coprocessors by setting the coprocessor.router.request.body configuration option to false. • https://github.com/apollographql/router/commit/7a9c020608a62dcaa306b72ed0f6980f15923b14 https://github.com/apollographql/router/releases/tag/v1.52.1 https://github.com/apollographql/router/security/advisories/GHSA-x6xq-whh3-gg32 https://www.apollographql.com/docs/router/configuration/overview/#request-limits https://www.apollographql.com/docs/router/customizations/coprocessor https://www.apollographql.com/docs/router/customizations/native • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2, leading to a complete crash of the instance running a vulnerable version due to improper handling of user-supplied input to the “/api/v1/get-upload-file” API endpoint. • https://tenable.com/security/research/tra-2024-34 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

The MPD package included in TwinCAT/BSD allows an authenticated, low-privileged local attacker to induce a Denial-of-Service (DoS) condition on the daemon and execute code in the context of user “root” via a crafted HTTP request. • https://cert.vde.com/en/advisories/VDE-2024-050 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •