176 matches found
PT-2023-2198 · Golang +11 · Net/Http +12
Name of the Vulnerable Software and Affected Versions: GoLang net/http and mime/multipart affected versions not specified Description: A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can...
xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...
CVE-2022-35241
In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
[SECURITY] Fedora 36 Update: duf-0.8.1-4.fc36
Disk Usage/Free Utility - a better 'df' alternative...
[SECURITY] Fedora 35 Update: duf-0.8.1-3.fc35
Disk Usage/Free Utility - a better 'df' alternative...
[SECURITY] Fedora 36 Update: duf-0.8.1-3.fc36
Disk Usage/Free Utility - a better 'df' alternative...
The vulnerability of the DiskUsage.exe executable in the Windows operating system allows a hacker to execute arbitrary code.
The vulnerability of the DiskUsage.exe executable in the Windows operating system exists due to insufficient checks on input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Node DOS by way of memory exhaustion through ExecSync request in CRI-O
Description An ExecSync request runs a command in a container and returns the output to the Kubelet. It is used for readiness and liveness probes within a pod. The way CRI-O runs ExecSync commands is through conmon. CRI-O asks conmon to start the process, and conmon writes the output to disk. CRI...
xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...
CVE-2022-23026
On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an increase in disk resource...
[SECURITY] Fedora 34 Update: rust-dua-cli-2.11.1-3.fc34
Tool to conveniently learn about the disk usage of directories, fast!...
Fedora: Security Advisory for rust-dua-cli (FEDORA-2021-32c9adf002)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Matrix Sydent 输入验证错误漏洞
Matrix Sydent is an implementation of the Matrix Authentication Server API from the Matrix Foundation in the UK. Matrix Sydent suffers from an input validation error vulnerability that stems from the fact that the lack of input validation for certain parameters may lead to overuse of disk space a...
Duf - Disk Usage/Free Utility (Linux, BSD, macOS & Windows)
Disk Usage/Free Utility Linux, BSD, macOS & Windows Features User-friendly, colorful output Adjusts to your terminal's width Sort the results according to your needs Groups & filters devices Can conveniently output JSON Installation Packages Linux Arch Linux: duf Nix: nix-env -iA nixpkgs.duf...
kubernetes: Node disk DOS by writing to container /etc/hosts
A flaw was found in Kubernetes, where the amount of disk space the /etc/hosts file can use is unconstrained . This flaw can allow attacker-controlled pods to cause a denial of service if they have permission to write to the node's /etc/hosts file...
CentOS Web Panel Code Execution Vulnerability (CNVD-2020-43139)
CentOS Web Panel CWP is a free web hosting control panel that makes it easy to manage multiple servers Dedicated and VPS without having to access the servers via SSH. A code execution vulnerability in CentOS Web Panel version cwp-e17.0.9.8.923, which stems from the ajaxdiskusage.php file not...
CVE-2020-15427
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxdiskusage.php. When parsing the folderName parameter, the process...
Denial Of Service (DoS)
github.com/kubernetes/kubernetes is vulnerable to denial of service. The kubelet eviction manager does not account for the disk usage for the /etc/hosts file when calculating ephemeral storage usage in a pod, which would cause the node to fail when the hosts file becomes too large...
CVE-2020-8557
The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral...
CVE-2020-8557
The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral...