CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-43414 – Apollo Query Planner and Apollo Gateway may infinitely loop on sufficiently complex queries
https://notcve.org/view.php?id=CVE-2024-43414
Instances of @apollo/query-planner >=2.0.0 and <2.8.5 are impacted by a denial-of-service vulnerability. • https://github.com/apollographql/federation/security/advisories/GHSA-fmj9-77q8-g6c4 https://www.apollographql.com/docs/federation/query-plans https://www.apollographql.com/docs/router/configuration/persisted-queries • CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43783 – Apollo Router Coprocessors may cause Denial-of-Service when handling request bodies
https://notcve.org/view.php?id=CVE-2024-43783
Instances of the Apollo Router running versions >=1.21.0 and < 1.52.1 are impacted by a denial of service vulnerability if _all_ of the following are true: 1. ... Instances of the Apollo Router running versions >=1.7.0 and <1.52.1 are impacted by a denial-of-service vulnerability if all of the following are true: 1. ... If you cannot upgrade, you can mitigate the denial-of-service opportunity impacting External Coprocessors by setting the coprocessor.router.request.body configuration option to false. • https://github.com/apollographql/router/commit/7a9c020608a62dcaa306b72ed0f6980f15923b14 https://github.com/apollographql/router/releases/tag/v1.52.1 https://github.com/apollographql/router/security/advisories/GHSA-x6xq-whh3-gg32 https://www.apollographql.com/docs/router/configuration/overview/#request-limits https://www.apollographql.com/docs/router/customizations/coprocessor https://www.apollographql.com/docs/router/customizations/native • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8182 – Flowise Denial of Service
https://notcve.org/view.php?id=CVE-2024-8182
An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the “/api/v1/get-upload-file” api endpoint. • https://tenable.com/security/research/tra-2024-34 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41176 – Beckhoff: Local Denial of Service issue in package MDP included in TwinCAT/BSD
https://notcve.org/view.php?id=CVE-2024-41176
The MPD package included in TwinCAT/BSD allows an authenticated, low-privileged local attacker to induce a Denial-of-Service (DoS) condition on the daemon and execute code in the context of user “root” via a crafted HTTP request. • https://cert.vde.com/en/advisories/VDE-2024-050 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41175 – Beckhoff: Local Denial-of-Service vulnerability in TwinCAT/BSD and the IPC-Diagnostics package
https://notcve.org/view.php?id=CVE-2024-41175
The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local denial-of-service attack by a low privileged attacker. • https://cert.vde.com/en/advisories/VDE-2024-049 https://infosys.beckhoff.com/content/1033/twincat_bsd/11780818443.html?id=4222392218353411614 • CWE-770: Allocation of Resources Without Limits or Throttling •