45 matches found
CVE-2022-31075
KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, EdgeCore may be susceptible to a DoS attack on CloudHub if an attacker was to send a well-crafted HTTP request to /edge.crt. I...
EUVD-2021-7093
Malicious code in bioql PyPI...
EUVD-2021-7097
Malicious code in bioql PyPI...
EUVD-2021-7095
Malicious code in bioql PyPI...
EUVD-2022-6445
Malicious code in bioql PyPI...
EUVD-2021-7094
Malicious code in bioql PyPI...
CVE-2021-1627
MuleSoft is aware of a Server Side Request Forgery vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. This affects: Mule 3.8.x,3.9.x,4.x runtime released before February 2, 2021...
CVE-2021-1626
MuleSoft is aware of a Remote Code Execution vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Versions affected: Mule 4.1.x and 4.2.x runtime released before February 2, 2021...
CVE-2021-1630
XML external entity XXE vulnerability affecting certain versions of a Mule runtime component that may affect CloudHub, GovCloud, Runtime Fabric, Pivotal Cloud Foundry, Private Cloud Edition, and on-premise customers...
CVE-2021-1628
MuleSoft is aware of a XML External Entity XXE vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Affected versions: Mule 4.x runtime released before February 2, 2021...
CVE-2022-31075
KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, EdgeCore may be susceptible to a DoS attack on CloudHub if an attacker was to send a well-crafted HTTP request to /edge.crt. I...
Authorization
KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, EdgeCore may be susceptible to a DoS attack on CloudHub if an attacker was to send a well-crafted HTTP request to /edge.crt. I...
GHSA-6WVC-6PWW-QR4R DoS in KubeEdge's Websocket Client in package Viaduct
Impact A large response received by the viaduct WSClient can cause a DoS from memory exhaustion. The entire body of the response is being read into memory which could allow an attacker to send a request that returns a response with a large body. The consequence of the exhaustion is that the proce...
GHSA-X3PX-2P95-F6JR KubeEdge DoS when signing the CSR from EdgeCore
Impact EdgeCore may be susceptible to a DoS attack on CloudHub if an attacker was to send a well-crafted HTTP request to /edge.crt. If an attacker can send a well-crafted HTTP request to CloudHub, and that request has a very large body, that request could crash the HTTP service through a memory...
KubeEdge DoS when signing the CSR from EdgeCore
Impact EdgeCore may be susceptible to a DoS attack on CloudHub if an attacker was to send a well-crafted HTTP request to /edge.crt. If an attacker can send a well-crafted HTTP request to CloudHub, and that request has a very large body, that request could crash the HTTP service through a memory...
CVE-2022-31080 KubeEdge Websocket Client in package Viaduct: DoS from large response message
KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, a large response received by the viaduct WSClient can cause a DoS from memory exhaustion. The entire body of the response is...
CVE-2022-31075
CVE-2022-31075 affects KubeEdge EdgeCore when the CloudHub module is enabled. A maliciously crafted HTTP request to /edge.crt with a very large body can exhaust memory and crash the CloudHub HTTP service, leading to a denial of service. This vulnerability exists in versions prior to 1.11.1, 1.10....
CVE-2022-31075 KubeEdge DoS when signing the CSR from EdgeCore
KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, EdgeCore may be susceptible to a DoS attack on CloudHub if an attacker was to send a well-crafted HTTP request to /edge.crt. I...
CVE-2022-31075 KubeEdge DoS when signing the CSR from EdgeCore
KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, EdgeCore may be susceptible to a DoS attack on CloudHub if an attacker was to send a well-crafted HTTP request to /edge.crt. I...
CVE-2022-31075 KubeEdge DoS when signing the CSR from EdgeCore
KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, EdgeCore may be susceptible to a DoS attack on CloudHub if an attacker was to send a well-crafted HTTP request to /edge.crt. I...