Tag
#dos
The cyber world never hits pause, and staying alert matters more than ever. Every week brings new tricks, smarter attacks, and fresh lessons from the field. This recap cuts through the noise to share what really matters—key trends, warning signs, and stories shaping today’s security landscape. Whether you’re defending systems or just keeping up, these highlights help you spot what’s coming
An issue in finance.js v.4.1.0 allows a remote attacker to cause a denial of service via the seekZero() parameter.
Finance.js v4.1.0 contains a Denial of Service (DoS) vulnerability via the IRR function’s depth parameter. Improper handling of the recursion/iteration limit can lead to excessive CPU usage, causing application stalls or crashes.
### Summary Unpatched Argo CD versions are vulnerable to malicious API requests which can crash the API server and cause denial of service to legitimate clients. With the default configuration, no `webhook.gogs.secret` set, Argo CD’s /api/webhook endpoint will crash the entire argocd-server process when it receives a Gogs push event whose JSON field `commits[].repo` is not set or is null. ### Details Users can access `/api/webhook` without authentication, and when accessing this endpoint, the `Handler` function parses webhook type messages according to the `header (e.g. X-Gogs-Event)` and `body` parameters provided by the user. The `Parse` function simply unmarshals JSON-type messages. In other words, it returns a data structure even if the data structure is not exactly matched. The `affectedRevisionInfo` function parses data according to webhook event types(e.g. `gogsclient.PushPayload`). However, due to the lack of data structure validation corresponding to these events, an att...
### Summary Unpatched Argo CD versions are vulnerable to malicious API requests which can crash the API server and cause denial of service to legitimate clients. With the default configuration, no `webhook.bitbucketserver.secret` set, Argo CD’s /api/webhook endpoint will crash the entire argocd-server process when it receives a Bitbucket-Server push event whose JSON field `repository.links.clone` is anything other than an array. A single unauthenticated curl request can push the control-plane into CrashLoopBackOff; repeating the request on each replica causes a complete outage of the API. ### Details ```go // webhook.go (Bitbucket-Server branch in affectedRevisionInfo) for _, l := range payload.Repository.Links["clone"].([]any) { // <- unsafe cast link := l.(map[string]any) ... } ``` If links.clone is a string, number, object, or null, the first type assertion panics: interface conversion: interface {} is string, not []interface {} The worker goroutine created by star...
### Summary A race condition in the repository credentials handler can cause the Argo CD server to panic and crash when concurrent operations are performed on the same repository URL. ### Details The vulnerability is located in numerous repository related handlers in the `util/db/repository_secrets.go` file. For example, in the `secretToRepoCred` function. The issue manifests as a concurrent map access panic: ``` concurrent map read and map write ... goroutine 1104 [running]: github.com/argoproj/argo-cd/v2/util/db.(*secretsRepositoryBackend).secretToRepoCred(0xc000e50ea8?, 0xc000c65540) /go/src/github.com/argoproj/argo-cd/util/db/repository_secrets.go:404 +0x31e ``` The race condition occurs due to: 1. Concurrent repository credential operations (create/update/delete) accessing the same map 2. Kubernetes informer re-syncs happening simultaneously 3. Background watchers updating the same secret data 4. No mutex protection for map access A valid API token with `repositories`...
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Festo Equipment: Controller CECC-S,-LK,-D Family Firmware Vulnerabilities: Exposure of Resource to Wrong Sphere, Untrusted Pointer Dereference, NULL Pointer Dereference, Files or Directories Accessible to External Parties, Out-of-bounds Write, Improper Privilege Management, Incorrect Permission Assignment for Critical Resource, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Missing Release of Memory after Effective Lifetime, Improper Handling of Exceptional Conditions, Use of a Broken or Risky Cryptographic Algorithm, Weak Password Recovery Mechanism for Forgotten Password, Use of Password Hash With Insufficient Computational Effort, Improper Access Control, Allocation of Resources Without Limits or Throttling, Improper Input Validation, Buffer Over-read, Use of Insufficiently Random Values, Improper Limitation of a Pathname to a Restricted Directory ('Path ...
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.1 ATTENTION: Low attack complexity Vendor: OpenPLC_V3 Equipment: OpenPLC_V3 Vulnerability: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial of service, making the PLC runtime process crash. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of OpenPLC_V3 are affected: OpenPLC_V3: Versions prior to pull request #292 3.2 VULNERABILITY OVERVIEW 3.2.1 RELIANCE ON UNDEFINED, UNSPECIFIED, OR IMPLEMENTATION-DEFINED BEHAVIOR CWE-758 OpenPLC_V3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads to a crash when the server loop ends and execution hits an illegal ud2 instruction. This issue can be triggered remotely without authentication by starting the same server multiple times or if the server exits unexpectedly. The vulnerability allows an attacker to cause a Denial of Service (...
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Festo Equipment: CPX-CEC-C1 and CPX-CMXX Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthenticated, remote access to critical webpage functions which may cause a denial of service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Festo reports that the following products are affected: Festo Firmware installed on Festo Hardware Control block CPX-CEC-C1: Versions 2.0.12 and prior Festo Firmware installed on Festo Hardware Control block CPX-CMXX: Versions 1.2.34 rev.404 and prior Festo Firmware installed on Festo Hardware Control block-SET CPX-CEC-C1: Versions 1.2.34 rev.404 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER PRIVILEGE MANAGEMENT CWE-269 Festo control block CPX-CEC-C1 and CPX-CMXX in multiple versions allow unauthenticated, remote access to critical webpage functions which may cause a denial of s...
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Festo Equipment: SBRD-Q/SBOC-Q/SBOI-Q Vulnerabilities: Incorrect Conversion between Numeric Types, Out-of-bounds Read, Reachable Assertion 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow the attacker to read arbitrary data or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Festo reports that the following products are affected: Festo Firmware installed on Festo Hardware SBOC-Q-R1B: All versions Festo Firmware installed on Festo Hardware SBOC-Q-R1B-S1: All versions Festo Firmware installed on Festo Hardware SBOC-Q-R1C: All versions Festo Firmware installed on Festo Hardware SBOC-Q-R1C-S1: All versions Festo Firmware installed on Festo Hardware SBOC-Q-R2B: All versions Festo Firmware installed on Festo Hardware SBOC-Q-R2B-S1: All versions Festo Firmware installed on Festo Hardware SBOC-Q-R2C: All versions Festo Firmware ins...