101 matches found
CVE-2022-1708
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a...
Command injection
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a...
CVE-2022-1708
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a...
CVE-2022-1708
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a...
Denial Of Service (DoS)
github.com/containerd/containerd is vulnerable to denial of service. The vulnerability exists in the ExecSync function in containerexecsync.go due to a lack of validation in memory consumption which allows an attacker to crash the application via memory exhaustion...
Apache containerd 资源管理错误漏洞
Apache containerd is a container daemon of the Apache Foundation. The process is responsible for controlling the full cycle of containers on the host according to the RunC OCI specification. Apache containerd is vulnerable to a resource management error that results from not properly controlling...
containerd CRI plugin: Host memory exhaustion through ExecSync
Impact A bug was found in containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the ExecSync API. This can cause containerd to consume all available memory on the computer, denying service to other...
Node DOS by way of memory exhaustion through ExecSync request in CRI-O
Description An ExecSync request runs a command in a container and returns the output to the Kubelet. It is used for readiness and liveness probes within a pod. The way CRI-O runs ExecSync commands is through conmon. CRI-O asks conmon to start the process, and conmon writes the output to disk. CRI...
CVE-2022-31030 containerd CRI plugin: Host memory exhaustion through ExecSync
containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the ExecSync API. This can cause containerd to consume all available memory...
CVE-2022-31030 containerd CRI plugin: Host memory exhaustion through ExecSync
containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the ExecSync API. This can cause containerd to consume all available memory...
CVE-2022-31030
CVE-2022-31030 affects containerd’s CRI ExecSync path, where containered processes can cause unbounded memory growth in the containerd daemon, risking host memory exhaustion and denial of service. The connected documents confirm the root cause is within containerd’s CRI implementation and state f...
CVE-2022-31030
containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the ExecSync API. This can cause containerd to consume all available memory...
PT-2022-4542 · Containerd +6 · Kubernetes Containerd +5
Name of the Vulnerable Software and Affected Versions: containerd versions prior to 1.5.13 containerd versions prior to 1.6.6 Description: A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound durin...
CVE-2022-31030
containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the ExecSync API. This can cause containerd to consume all available memory...
PT-2022-3098 · Cri-O +7 · Cri-O +7
Name of the Vulnerable Software and Affected Versions: CRI-O versions prior to 1.24.1 CRI-O versions prior to 1.23.3 CRI-O versions prior to 1.22.5 CRI-O versions prior to v1.21.8 CRI-O versions prior to v1.20.8 CRI-O versions prior to v1.19.7 Description: A vulnerability in CRI-O causes memory o...
CVE-2021-33041
vmd through 1.34.0 allows 'div class="markdown-body"' XSS, as demonstrated by Electron remote code execution via require'childprocess'.execSync'calc.exe' on Windows and a similar attack on macOS...
CVE-2021-33041
vmd through 1.34.0 allows ‘div class=“markdown-body”’ XSS, as demonstrated by Electron remote code execution via require‘childprocess’.execSync‘calc.exe’ on Windows and a similar attack on macOS. Recent assessments: nu11secur1ty at July 10, 2021 9:46pm UTC reported: CVE-2021-33041 If someone...
OS Command Injection in node-prompt-here
node-prompt-here through 1.0.1 allows execution of arbitrary commands. The runCommand is called by getDevices function in file linux/manager.js, which is required by the index. process.env.NMCLI in the file linux/manager.js. This function is used to construct the argument of function execSync,...
total.js Remote Code Execution Vulnerability
total.js is a framework for Node.js platfrom written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. It can be used as web, desktop, service or IoT application. Affected versions of this package are vulnerable to Remote Code Execution RCE via set. PoC js // To be ru...
Command Injection
gitlog is vulnerable to command injection. The vulnerability exists through the value of branch where unsanitized inputs are sent to the execSync function...