1405 matches found

Github Security Blog
added 2022/07/11 9:04 p.m. · 37 views

KubeEdge CloudCore Router memory exhaustion vulnerability

Impact: The CloudCore Router does not impose a limit on the size of responses to requests made by the REST handler. An attacker could use this weakness to make a request that will return an HTTP response with a large body and cause DoS of CloudCore. In the HTTP Handler API, the rest handler makes ...

CVSS 6.5 · AI score 6.1 · EPSS 0.00343
Exploits 0 · References 3 · Affected Software 1
OSV
added 2022/07/11 9:04 p.m. · 23 views

GHSA-QPX3-9565-5XWM KubeEdge CloudCore Router memory exhaustion vulnerability

Impact: The CloudCore Router does not impose a limit on the size of responses to requests made by the REST handler. An attacker could use this weakness to make a request that will return an HTTP response with a large body and cause DoS of CloudCore. In the HTTP Handler API, the rest handler makes ...

CVSS 4.4 · AI score 5.4 · EPSS 0.00343
Exploits 0 · References 3
Cvelist
added 2022/07/11 8:40 p.m. · 16 views

CVE-2022-31079 KubeEdge Cloud Stream and Edge Stream DoS from large stream message

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at the Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, the Cloud Stream server and the Edge Stream server read the entire message into memory without imposing a limit on the size o...

CVSS 4.4 · AI score 6.5 · EPSS 0.00343
Exploits 0 · References 1
OSV
added 2022/07/11 8:05 p.m. · 22 views

CVE-2022-31073 KubeEdge Edge ServiceBus module DoS

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at the Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, the ServiceBus server on the edge side may be susceptible to a DoS attack if an HTTP request containing a very large Body is...

CVSS 6.5 · AI score 7.3 · EPSS 0.00563
Exploits 1 · References 6
ATTACKERKB
added 2022/07/06 1:15 p.m. · 4 views

CVE-2022-24140

IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, Driver Booster 9, and iTop Screenshot send HTTP requests in their update procedure in order to download a config file. After downloading the config file, the products will parse the HTTP location of the update from the file a...

CVSS 6.6 · AI score 7.2 · EPSS 0.02215
Exploits 0 · References 4
NVD
added 2022/07/06 1:15 p.m. · 12 views

CVE-2022-24140

IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, Driver Booster 9, and iTop Screenshot send HTTP requests in their update procedure in order to download a config file. After downloading the config file, the products will parse the HTTP location of the update from the file a...

CVSS 6.6 · EPSS 0.02215
Exploits 0 · References 3
Prion
added 2022/07/06 1:15 p.m. · 13 views

Remote code execution

IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, Driver Booster 9, and iTop Screenshot send HTTP requests in their update procedure in order to download a config file. After downloading the config file, the products will parse the HTTP location of the update from the file a...

CVSS 6 · AI score 7 · EPSS 0.02215
Exploits 0 · References 3 · Affected Software 4
Packet Storm
added 2022/07/06 12:00 a.m. · 404 views

Xen PV Guest Non-SELFSNOOP CPU Memory Corruption

Xen: PV guest on non-SELFSNOOP CPUs can validate non-coherent L2 pagetable. I'm not sure whether there are any major users of unshimmed Xen PV left, but https://xenbits.xen.org/docs/unstable/support-matrix.html says it's still a security-supported usecase for 64-bit guests. Tested on Debian's Xen...

CVSS 7.2 · AI score 7.2 · EPSS 0.00108
Exploits 3
NVD
added 2022/07/01 10:15 p.m. · 9 views

CVE-2022-32411

An issue in the languages config file of HongCMS v3.0 allows attackers to get a shell (getshell)...

CVSS 7.2 · EPSS 0.00378
Exploits 1 · References 1
Positive Technologies
added 2022/06/30 12:00 a.m. · 4 views

PT-2022-22355 · Jenkins · Jenkins Opsgenie Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins OpsGenie Plugin versions 1.9 and earlier
Description: The issue concerns the storage of API keys in an unencrypted manner within the global configuration file and job config.xml files on the Jenkins controller. These keys can be...

CVSS 4.3 · AI score 4.2 · EPSS 0.00335
Exploits 0 · References 5
Tenable Nessus
added 2022/06/30 12:00 a.m. · 23 views

openSUSE 15 Security Update : dbus-broker (openSUSE-SU-2022:10030-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10030-1 advisory. - An issue was discovered in dbus-broker before 31. Multiple NULL pointer dereferences can be found when supplying a malformed XML config...

CVSS 7.5 · AI score 7.9 · EPSS 0.00737
Exploits 4 · References 7
Positive Technologies
added 2022/06/30 12:00 a.m. · 3 views

PT-2022-22356 · Jenkins · Jenkins Opsgenie Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins OpsGenie Plugin versions 1.9 and earlier
Description: The issue concerns the transmission and storage of API keys in plain text. Specifically, API keys are transmitted in plain text as part of the global Jenkins configuration form and...

CVSS 4.3 · AI score 4.3 · EPSS 0.00208
Exploits 0 · References 5
CNNVD
added 2022/06/30 12:00 a.m. · 1 view

Jenkins Plugin Jigomerge Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins Jigomerge Plugin 0.9 and earlier...

CVSS 6.5 · AI score 5.7 · EPSS 0.00301
Exploits 0 · References 5
NVD
added 2022/06/27 8:15 p.m. · 14 views

CVE-2022-31076

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates...

CVSS 5.7 · EPSS 0.00115
Exploits 1 · References 2
Vulnrichment
added 2022/06/27 8:10 p.m. · 5 views

CVE-2022-31076 Malicious Message can crash CloudCore in KubeEdge

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates...

CVSS 4.2 · AI score 5.6 · EPSS 0.00115
Exploits 1 · References 2
OSV
added 2022/06/25 7:19 a.m. · 17 views

GHSA-8F4F-V9X5-CG6J CloudCore UDS Server: Malicious Message can crash CloudCore

Impact: A malicious message can crash CloudCore by triggering a null-pointer dereference in the UDS Server. Since the UDS Server only communicates with the CSI Driver on the cloud side, the attack is limited to the local host network. As such, an attacker would already need to be an authenticated...

CVSS 4.2 · AI score 4.7 · EPSS 0.00115
Exploits 1 · References 4
OSV
added 2022/06/24 12:15 p.m. · 2 views

CVE-2021-41637

Weak access control permissions in MELAG FTP Server 2.2.0.4 allow the "Everyone" group to read the local FTP configuration file, which includes, among other information, the unencrypted passwords of all FTP users...

CVSS 7.1 · AI score 5.8 · EPSS 0.00038
Exploits 1 · References 1
Positive Technologies
added 2022/06/20 12:00 a.m. · 2 views

PT-2022-14142 · Mcafee · Mcafee Consumer Product Removal Tool

Name of the Vulnerable Software and Affected Versions: McAfee Consumer Product Removal Tool versions prior to 10.4.128
Description: The issue is related to improper privilege management, which could allow a local user to modify a configuration file. This modification could lead to a LOLBin (Living...

CVSS 7.9 · AI score 7.7 · EPSS 0.00042
Exploits 0 · References 2
Packet Storm
added 2022/06/20 12:00 a.m. · 363 views

TP-Link AX50 Remote Code Execution

Exploit Title: TP-Link Router AX50 firmware 210730 - Remote Code Execution (RCE) Authenticated
Exploit Author: Tomas Melicher
Technical Details: https://github.com/aaronsvk/CVE-2022-30075
Date: 2022-06-08
Vendor Homepage: https://www.tp-link.com/
Tested On: Tp-Link Archer AX50
Vulnerability...

CVSS 8.8 · AI score 8.8 · EPSS 0.89263
Exploits 7
Positive Technologies
added 2022/06/16 12:00 a.m. · 2 views

PT-2022-20669 · Unknown · Dlt-Daemon

Name of the Vulnerable Software and Affected Versions: dlt-daemon version 2.18.8
Description: An issue in the dlt config file parser.c file allows attackers to cause a double free via crafted TCP packets. This can be exploited by sending specifically crafted packets to the affected system...

CVSS 9.8 · AI score 7.3 · EPSS 0.02608
Exploits 1 · References 20