8 matches found
CVE-2025-71180
In the Linux kernel, the following vulnerability has been resolved: counter: interrupt-cnt: Drop IRQFNOTHREAD flag An IRQ handler can either be IRQFNOTHREAD or acquire spinlockt, as CONFIGPROVERAWLOCKNESTING warns: ============================= BUG: Invalid wait context 6.18.0-rc1+git... 1...
Denial-of-service (DoS)
github.com/argoproj/argo-cd is vulnerable to a Denial-of-service DoS. The vulnerability is due to Argo CD’s /api/webhook endpoint crashing when it receives a malformed Gogs push event with a missing or null commits.repo field, which allows an attacker to send crafted API requests that crash the A...
SUSE CVE-2025-59537
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions 1.2.0 through 1.8.7, 2.0.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.7 and 3.0.18 are vulnerable to malicious API requests which can crash the API server and cause denial of service to legitimate client...
SUSE CVE-2025-59538
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. For versions 2.9.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.6 and 3.0.17, when the webhook.azuredevops.username and webhook.azuredevops.password are not set in the default configuration, the /api/webhook endpoi...
CVE-2025-59538 Argo CD is Vulnerable to Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. For versions 2.9.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.6 and 3.0.17, when the webhook.azuredevops.username and webhook.azuredevops.password are not set in the default configuration, the /api/webhook endpoi...
GHSA-GPX4-37G2-C8PV Argo CD Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook
Summary In the default configuration, webhook.azuredevops.username and webhook.azuredevops.password not set, Argo CD’s /api/webhook endpoint crashes the entire argocd-server process when it receives an Azure DevOps Push event whose JSON array resource.refUpdates is empty. The slice index 0 is...
Improper Validation of Function Hook Arguments
Overview Affected versions of this package are vulnerable to Improper Validation of Function Hook Arguments in the /api/webhook endpoint via the affectedRevisionInfo function. An attacker can cause the server process to crash and disrupt service availability by sending a Gogs push event whose JSO...
Improper Validation of Function Hook Arguments
Overview Affected versions of this package are vulnerable to Improper Validation of Function Hook Arguments in the /api/webhook endpoint via the affectedRevisionInfo function. An attacker can cause the server process to crash and disrupt service availability by sending a Gogs push event whose JSO...