45 matches found
KubeEdge 资源管理错误漏洞
KubeEdge is KubeEdge open source a Kubernetes native edge computing framework. Built on Kubernetes and extends native containerized application orchestration and device management to edge hosts. A resource management error vulnerability exists in KubeEdge versions prior to 1.11.1, 1.10.2, and...
PT-2022-20510 · Kubeedge · Kubeedge
Name of the Vulnerable Software and Affected Versions: KubeEdge versions prior to 1.11.1 KubeEdge versions prior to 1.10.2 KubeEdge versions prior to 1.9.4 Description: EdgeCore may be susceptible to a DoS attack on CloudHub if an attacker sends a well-crafted HTTP request to "/edge.crt". If the...
CVE-2022-31076
KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates...
Design/Logic Flaw
KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates...
CVE-2022-31076 Malicious Message can crash CloudCore in KubeEdge
KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates...
GHSA-8F4F-V9X5-CG6J CloudCore UDS Server: Malicious Message can crash CloudCore
Impact A malicious message can crash CloudCore by triggering a null-pointer dereference in the UDS Server. Since the UDS Server only communicates with the CSI Driver on the cloud side, the attack is limited to the local host network. As such, an attacker would already need to be an authenticated...
CloudCore UDS Server: Malicious Message can crash CloudCore
Impact A malicious message can crash CloudCore by triggering a null-pointer dereference in the UDS Server. Since the UDS Server only communicates with the CSI Driver on the cloud side, the attack is limited to the local host network. As such, an attacker would already need to be an authenticated...
CVE-2021-1630
XML external entity XXE vulnerability affecting certain versions of a Mule runtime component that may affect CloudHub, GovCloud, Runtime Fabric, Pivotal Cloud Foundry, Private Cloud Edition, and on-premise customers...
Xxe
XML external entity XXE vulnerability affecting certain versions of a Mule runtime component that may affect CloudHub, GovCloud, Runtime Fabric, Pivotal Cloud Foundry, Private Cloud Edition, and on-premise customers...
CVE-2021-1630
XML external entity XXE vulnerability affecting certain versions of a Mule runtime component that may affect CloudHub, GovCloud, Runtime Fabric, Pivotal Cloud Foundry, Private Cloud Edition, and on-premise customers...
CVE-2021-1630
CVE-2021-1630 is an XML External Entity (XXE) vulnerability in a Mule runtime component affecting multiple deployment options (CloudHub, GovCloud, Runtime Fabric, Pivotal Cloud Foundry, Private Cloud Edition, and on‑premises). The connected data consistently describe XXE as the underlying flaw, b...
CVE-2021-1626
MuleSoft is aware of a Remote Code Execution vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Versions affected: Mule 4.1.x and 4.2.x runtime released before February 2, 2021...
CVE-2021-1627
MuleSoft is aware of a Server Side Request Forgery vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. This affects: Mule 3.8.x,3.9.x,4.x runtime released before February 2, 2021...
CVE-2021-1626
MuleSoft is aware of a Remote Code Execution vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Versions affected: Mule 4.1.x and 4.2.x runtime released before February 2, 2021...
CVE-2021-1628
MuleSoft is aware of a XML External Entity XXE vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Affected versions: Mule 4.x runtime released before February 2, 2021...
CVE-2021-1627
MuleSoft is aware of a Server Side Request Forgery vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. This affects: Mule 3.8.x,3.9.x,4.x runtime released before February 2, 2021...
Server side request forgery (ssrf)
MuleSoft is aware of a Server Side Request Forgery vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. This affects: Mule 3.8.x,3.9.x,4.x runtime released before February 2, 2021...
Remote code execution
MuleSoft is aware of a Remote Code Execution vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Versions affected: Mule 4.1.x and 4.2.x runtime released before February 2, 2021...
Xxe
MuleSoft is aware of a XML External Entity XXE vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Affected versions: Mule 4.x runtime released before February 2, 2021...
CVE-2021-1628
CVE-2021-1628 : MuleSoft’s XXE vulnerability affects MuleSoft Mule 4.x runtime versions released before 2 Feb 2021, impacting both CloudHub and on‑premise deployments. The issue stems from XML External Entity handling in the Mule runtime component. The connected documents confirm the affected pro...