2659 matches found

CNNVD
added 2022/06/14 12:0 a.m. · 2 views

WAVLINK WN535 G3 Security Vulnerability

The WAVLINK WN535 G3 is a wireless router from the Chinese company WAVLINK. A security vulnerability exists in the WAVLINK WN535 G3 M35G3R.V5030.180927 version, which originates from a vulnerability in livecheck.shtml. An attacker can exploit this vulnerability to obtain sensitive router...

7.5 CVSS · 6.8 AI score · 0.53119 EPSS
Exploits 2 · References 4
Positive Technologies
added 2022/06/14 12:0 a.m. · 2 views

PT-2022-20680 · Wavlink · Wavlink Aerial X 1200M

Name of the Vulnerable Software and Affected Versions: WAVLINK AERIAL X 1200M version M79X3.V5030.191012 Description: A vulnerability in the live mfg.shtml file allows attackers to obtain sensitive router information via execution of the exec cmd function. Recommendations: For version...

7.5 CVSS · 7.4 AI score · 0.00667 EPSS
Exploits 1 · References 3
RedHat Linux
added 2022/06/13 2:40 p.m. · 2 views

cri-o: memory exhaustion on the node when access to the kube api

A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a...

7.8 CVSS · 6.6 AI score · 0.00464 EPSS
Exploits 1 · References 5
OSV
added 2022/06/09 2:15 p.m. · 6 views

AZL-9918 CVE-2022-31030 affecting package moby-containerd for versions less than 1.6.6-1

containerd is an open source container runtime. A bug was found in containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the ExecSync API. This can cause containerd to consume all available memory...

5.5 CVSS · 6.3 AI score · 0.00158 EPSS
Exploits 0 · References 1
OSV
added 2022/06/09 2:15 p.m. · 1 views

DEBIAN-CVE-2022-31030

containerd is an open source container runtime. A bug was found in containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the ExecSync API. This can cause containerd to consume all available memory...

5.5 CVSS · 6.1 AI score · 0.00158 EPSS
Exploits 0 · References 1
Amazon
added 2022/06/09 12:0 a.m. · 2 views

Medium: containerd

Issue Overview: A bug was found in containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the ExecSync API. This can cause containerd to consume all available memory on the computer, denying service to...

5.5 CVSS · 6.9 AI score · 0.00158 EPSS
Exploits 0
RedhatCVE
added 2022/06/08 4:9 p.m. · 45 views

CVE-2022-31212

A stack-based buffer over-read flaw was found in the dbus-broker package. Dbus-Broker depends on c-util/c-shquote to parse the DBus service's Exec line, and if a malicious Exec line is supplied, this can lead to a crash or other undefined behaviors...

7.5 CVSS · 2.9 AI score · 0.00737 EPSS
Exploits 3 · References 3
OSV
added 2022/06/07 6:15 p.m. · 3 views

AZL-37071 CVE-2022-1708 affecting package cri-o for versions less than 1.21.7-1

A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a...

7.5 CVSS · 6.8 AI score · 0.00464 EPSS
Exploits 1 · References 1
Tenable Nessus
added 2022/06/07 12:0 a.m. · 57 views

FreeBSD : go -- multiple vulnerabilities (15888c7e-e659-11ec-b7fe-10c37b4ac2ea)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 15888c7e-e659-11ec-b7fe-10c37b4ac2ea advisory. - The Go project reports: crypto/rand: rand.Read hangs with extremely large buffers On Windows...

7.8 CVSS · 7.4 AI score · 0.00076 EPSS
Exploits 2 · References 10
FreeBSD
added 2022/06/01 12:0 a.m. · 61 views

go -- multiple vulnerabilities

The Go project reports: crypto/rand: rand.Read hangs with extremely large buffers On Windows, rand.Read will hang indefinitely if passed a buffer larger than 1 << 32 - 1 bytes. crypto/tls: session tickets lack random ticket_age_add Session tickets generated by crypto/tls did not contain a randomly...

7.5 CVSS · 7 AI score · 0.00076 EPSS
Exploits 2 · References 5
Github Security Blog
added 2022/05/24 4:53 p.m. · 11 views

Hashicorp Nomad Access Control Issues

HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver...

10 CVSS · 6.9 AI score · 0.00734 EPSS
Exploits 0 · References 5 · Affected Software 1
OSV
added 2022/05/17 9:15 p.m. · 4 views

AZL-9817 CVE-2022-29162 affecting package moby-runc for versions less than 1.1.2-2

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc exec --cap created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling...

7.8 CVSS · 6.7 AI score · 0.00127 EPSS
Exploits 0 · References 1
OSV
added 2022/05/17 9:15 p.m. · 1 views

DEBIAN-CVE-2022-29162

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc exec --cap created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling...

7.8 CVSS · 7.2 AI score · 0.00127 EPSS
Exploits 0 · References 1
Prion
added 2022/05/17 9:15 p.m. · 21 views

Design/Logic Flaw

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc exec --cap created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling...

4.6 CVSS · 7.6 AI score · 0.00127 EPSS
Exploits 0 · References 7 · Affected Software 2
OSV
added 2022/05/17 9:15 p.m. · 0 views

UBUNTU-CVE-2022-29162

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc exec --cap created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling...

7.8 CVSS · 6.7 AI score · 0.00127 EPSS
Exploits 0 · References 5
OSV
added 2022/05/16 2:15 p.m. · 2 views

CVE-2021-42897

A remote command execution (RCE) vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $POSTrname is directly passed into the $mysqlstr and is executed by exec...

9.8 CVSS · 7.4 AI score · 0.07063 EPSS
Exploits 1 · References 1
NVD
added 2022/05/16 2:15 p.m. · 7 views

CVE-2021-42897

A remote command execution (RCE) vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $POSTrname is directly passed into the $mysqlstr and is executed by exec...

9.8 CVSS · 0.07063 EPSS
Exploits 1 · References 1
Prion
added 2022/05/16 2:15 p.m. · 12 views

Command injection

A remote command execution (RCE) vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $POSTrname is directly passed into the $mysqlstr and is executed by exec...

7.5 CVSS · 9.5 AI score · 0.07063 EPSS
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2022/05/16 1:32 p.m. · 14 views

CVE-2021-42897

A remote command execution (RCE) vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $POSTrname is directly passed into the $mysqlstr and is executed by exec...

9.8 AI score · 0.07063 EPSS
Exploits 1 · References 1
OSV
added 2022/05/14 1:29 a.m. · 32 views

GHSA-7FH9-933G-885P Drupal Core Remote Code Execution Vulnerability

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations...

9.8 CVSS · 10 AI score · 0.94489 EPSS
Exploits 45 · References 25