
CVSS: 7.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. This report details a security vulnerability in Argo CD, where an unauthenticated attacker can send a specially crafted large JSON payload to the /api/webhook endpoint, causing excessive memory allocation that leads to service disruption by triggering an Out Of Memory (OOM) kill. The issue poses a high risk to the availability of Argo CD deployments. This vulnerability is fixed in 2.11.6, 2.10.15, and 2.9.20.
• https://github.com/argoproj/argo-cd/commit/46c0c0b64deaab1ece70cb701030b76668ad0cdc
• https://github.com/argoproj/argo-cd/commit/540e3a57b90eb3655db54793332fac86bcc38b36
• https://github.com/argoproj/argo-cd/commit/d881ee78949e23160a0b280bb159e4d3d625a4df
• https://github.com/argoproj/argo-cd/security/advisories/GHSA-jmvp-698c-4x3w
• https://access.redhat.com/security/cve/CVE-2024-40634
• https://bugzilla.redhat.com/show_bug.cgi?id=2299473
• CWE-400: Uncontrolled Resource Consumption

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

This can potentially lead to denial of service.
• https://github.com/SixLabors/ImageSharp/commit/9dda64a8186af67baf06b6d9c1ab599c3608b693
• https://github.com/SixLabors/ImageSharp/commit/a1f287977139109a987065643b8172c748abdadb
• https://github.com/SixLabors/ImageSharp/pull/2754
• https://github.com/SixLabors/ImageSharp/pull/2756
• https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-63p8-c4ww-9cg7
• CWE-787: Out-of-bounds Write

CVSS: 6.5 | EPSS: 0% | CPEs: - | EXPL: 0

Unitronics Vision PLC – CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service
• https://www.gov.il/en/Departments/faq/cve_advisories
• CWE-703: Improper Check or Handling of Exceptional Conditions

CVSS: 7.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token. ... This flaw allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.
• https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633
• https://access.redhat.com/security/cve/CVE-2024-32007
• https://bugzilla.redhat.com/show_bug.cgi?id=2298828
• CWE-20: Improper Input Validation
• CWE-400: Uncontrolled Resource Consumption

CVSS: 7.5 | EPSS: 0% | CPEs: - | EXPL: 0

A stack overflow in Tenda AX1806 v1.0.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.
• https://gist.github.com/Swind1er/4176fdc25e415296904c9fb19e2f8293
• CWE-121: Stack-based Buffer Overflow