Security
Headlines
HeadlinesLatestCVEs

Tag

#dos

GHSA-fmj9-77q8-g6c4: Apollo Query Planner and Apollo Gateway may infinitely loop on sufficiently complex queries

### Impact Instances of @apollo/query-planner >=2.0.0 and <2.8.5 are impacted by a denial-of-service vulnerability. @apollo/gateway versions >=2.0.0 and < 2.8.5 and Apollo Router <1.52.1 are also impacted through their use of @apollo/query-planner. If @apollo/query-planner is asked to plan a sufficiently complex query, it may loop infinitely and never complete. This results in unbounded memory consumption and either a crash or out-of-memory (OOM) termination. This issue can be triggered if you have at least one non-`@key` field that can be resolved by multiple subgraphs. To identify these shared fields, the schema for each subgraph must be reviewed. The mechanism to identify shared fields varies based on the version of Federation your subgraphs are using. You can check if your subgraphs are using Federation 1 or Federation 2 by reviewing their schemas. Federation 2 subgraph schemas will contain a `@link` directive referencing the version of Federation being used while Federation 1 ...

ghsa
#vulnerability#ios#dos#java
GHSA-48x4-mx8f-gr4h: Flowise Unauthenticated Denial of Service (DoS) vulnerability

An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the `/api/v1/get-upload-file` api endpoint.

Debian Security Advisory 5759-1

Debian Linux Security Advisory 5759-1 - Multiple security issues were discovered in Python, a high-level, interactive, object-oriented language.

Ubuntu Security Notice USN-6973-3

Ubuntu Security Notice 6973-3 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Red Hat Security Advisory 2024-5858-03

Red Hat Security Advisory 2024-5858-03 - An update for kpatch-patch-5_14_0-70_85_1 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include code execution, denial of service, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-5856-03

Red Hat Security Advisory 2024-5856-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include HTTP request smuggling, bypass, code execution, denial of service, deserialization, and remote SQL injection vulnerabilities.

Red Hat Security Advisory 2024-5814-03

Red Hat Security Advisory 2024-5814-03 - An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8. Issues addressed include bypass and denial of service vulnerabilities.

Debian Security Advisory 5758-1

Debian Linux Security Advisory 5758-1 - Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service or request smuggling.

Debian Security Advisory 5757-1

Debian Linux Security Advisory 5757-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

Ubuntu Security Notice USN-6973-2

Ubuntu Security Notice 6973-2 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.