27 matches found
CVE-2022-31078
KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, the CloudCore Router does not impose a limit on the size of responses to requests made by the REST handler. An attacker could...
EUVD-2022-6403
Malicious code in bioql PyPI...
EUVD-2022-5992
Malicious code in bioql PyPI...
CVE-2022-31076
KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates...
GO-2022-0510 KubeEdge CloudCore Router memory exhaustion vulnerability in github.com/kubeedge/kubeedge
KubeEdge CloudCore Router memory exhaustion vulnerability in github.com/kubeedge/kubeedge...
GO-2022-0501 CloudCore CSI Driver: Malicious response from KubeEdge can crash CSI Driver controller server in github.com/kubeedge/kubeedge
CloudCore CSI Driver: Malicious response from KubeEdge can crash CSI Driver controller server in github.com/kubeedge/kubeedge...
GO-2022-0500 CloudCore UDS Server: Malicious Message can crash CloudCore in github.com/kubeedge/kubeedge
CloudCore UDS Server: Malicious Message can crash CloudCore in github.com/kubeedge/kubeedge...
CVE-2022-31078
KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, the CloudCore Router does not impose a limit on the size of responses to requests made by the REST handler. An attacker could...
Design/Logic Flaw
KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, the CloudCore Router does not impose a limit on the size of responses to requests made by the REST handler. An attacker could...
KubeEdge CloudCore Router memory exhaustion vulnerability
Impact The CloudCore Router does not impose a limit on the size of responses to requests made by the REST handler. An attacker could use this weakness to make a request that will return an HTTP response with a large body and cause DoS of CloudCore. In the HTTP Handler API, the rest handler makes ...
GHSA-QPX3-9565-5XWM KubeEdge CloudCore Router memory exhaustion vulnerability
Impact The CloudCore Router does not impose a limit on the size of responses to requests made by the REST handler. An attacker could use this weakness to make a request that will return an HTTP response with a large body and cause DoS of CloudCore. In the HTTP Handler API, the rest handler makes ...
CVE-2022-31078 KubeEdge CloudCore Router memory exhaustion
KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, the CloudCore Router does not impose a limit on the size of responses to requests made by the REST handler. An attacker could...
CVE-2022-31078 KubeEdge CloudCore Router memory exhaustion
KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, the CloudCore Router does not impose a limit on the size of responses to requests made by the REST handler. An attacker could...
CVE-2022-31078
KubeEdge CloudCore Router memory exhaustion DoS vulnerability (CVE-2022-31078) affects pre-1.11.1, pre-1.10.2, and pre-1.9.4 releases. The REST handler’s HTTP response size is not limited, allowing an authenticated cloud user to trigger a large response that exhausts memory and causes CloudCore d...
CVE-2022-31078 KubeEdge CloudCore Router memory exhaustion
KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, the CloudCore Router does not impose a limit on the size of responses to requests made by the REST handler. An attacker could...
PT-2022-20513 · Kubeedge · Kubeedge
Name of the Vulnerable Software and Affected Versions: KubeEdge versions prior to 1.11.1 KubeEdge versions prior to 1.10.2 KubeEdge versions prior to 1.9.4 Description: The CloudCore Router in KubeEdge does not impose a limit on the size of responses to requests made by the REST handler, allowing...
CVE-2022-31076
KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates...
Design/Logic Flaw
KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates...
CVE-2022-31076
KubeEdge vulnerability CVE-2022-31076 affects CloudCore’s UDS Server. A crafted message can trigger a nil-pointer dereference when the unixsocket switch is enabled in cloudcore.yaml, crashing CloudCore. Impact is local to the host network and assumes the attacker is an authenticated Cloud user; e...
CVE-2022-31076 Malicious Message can crash CloudCore in KubeEdge
KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates...