
CVSS: 5.7 | EPSS: 0% | CPEs: 1 | EXPL: 0

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Due to a race condition in a global variable in 3.6.0-rc1, the Argo Workflows controller can be made to crash on command by any user with access to execute a workflow. This vulnerability is fixed in 3.6.0-rc2.

• https://github.com/argoproj/argo-workflows/blob/ce7f9bfb9b45f009b3e85fabe5e6410de23c7c5f/workflow/metrics/metrics_k8s_request.go#L75
• https://github.com/argoproj/argo-workflows/commit/524406451f4dfa57bf3371fb85becdb56a2b309a
• https://github.com/argoproj/argo-workflows/pull/13641
• https://github.com/argoproj/argo-workflows/security/advisories/GHSA-ghjw-32xw-ffwr

• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
• CWE-1108: Excessive Reliance on Global Variables

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.

• https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj

• CWE-20: Improper Input Validation

CVSS: 4.9 | EPSS: 0% | CPEs: - | EXPL: 0

TYPO3 before 13.3.1 allows denial of service (interface error) in the Bookmark Toolbar (ext:backend), exploitable by an administrator-level backend user account via manipulated data saved in the bookmark toolbar of the backend user interface.

• https://github.com/TYPO3/typo3/security/advisories/GHSA-ffcv-v6pw-qhrp
• https://typo3.org/security/advisory/typo3-core-sa-2024-011
• https://www.mgm-sp.com/cve/denial-of-service-in-typo3-bookmark-toolbar

CVSS: 5.9 | EPSS: 0% | CPEs: - | EXPL: 0

A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.

• https://github.com/libexpat/libexpat/pull/915
• https://access.redhat.com/security/cve/CVE-2024-50602
• https://bugzilla.redhat.com/show_bug.cgi?id=2321987

• CWE-754: Improper Check for Unusual or Exceptional Conditions

CVSS: 8.7 | EPSS: 0% | CPEs: - | EXPL: 0

All versions as of time of publication contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no patches are available.

• https://github.com/3rd-Eden/useragent/issues/167
• https://securitylab.github.com/advisories/GHSL-2020-312-redos-useragent

• CWE-1333: Inefficient Regular Expression Complexity