
31 matches found

RedhatCVE
added 2025/05/22 10:52 p.m. · 6 views

CVE-2022-31076

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates...

CVSS 5.7 · AI score 6.4 · EPSS 0.00115
Exploits: 1 · References: 1

SUSE CVE
added 2023/02/15 4:29 a.m. · 2 views

SUSE CVE-2018-8779

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket...

CVSS 3.7 · AI score 6.9 · EPSS 0.01284
Exploits: 0 · References: 9

NVD
added 2022/06/27 8:15 p.m. · 14 views

CVE-2022-31076

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates...

CVSS 5.7 · EPSS 0.00115
Exploits: 1 · References: 2

Prion
added 2022/06/27 8:15 p.m. · 15 views

Design/Logic Flaw

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates...

CVSS 2.7 · AI score 5.4 · EPSS 0.00115
Exploits: 1 · References: 2 · Affected Software: 1

Vulnrichment
added 2022/06/27 8:10 p.m. · 5 views

CVE-2022-31076 Malicious Message can crash CloudCore in KubeEdge

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates...

CVSS 4.2 · AI score 5.6 · EPSS 0.00115
Exploits: 1 · References: 2

OSV
added 2022/06/27 8:10 p.m. · 16 views

CVE-2022-31076 Malicious Message can crash CloudCore in KubeEdge

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates...

CVSS 4.2 · AI score 5.4 · EPSS 0.00115
Exploits: 1 · References: 4

CNNVD
added 2022/06/27 12:00 a.m. · 1 views

KubeEdge Code Issue Vulnerability

KubeEdge is an open source, Kubernetes-native edge computing framework. It is built on Kubernetes and extends native containerized application orchestration and device management to edge hosts. A code issue vulnerability exists in KubeEdge versions prior to 1.11.0, 1.10.1, and 1.9.3, which stems...

CVSS 5.7 · AI score 6 · EPSS 0.00115
Exploits: 1 · References: 3

Github Security Blog
added 2022/06/25 7:19 a.m. · 38 views

CloudCore UDS Server: Malicious Message can crash CloudCore

Impact: A malicious message can crash CloudCore by triggering a null-pointer dereference in the UDS Server. Since the UDS Server only communicates with the CSI Driver on the cloud side, the attack is limited to the local host network. As such, an attacker would already need to be an authenticated...

CVSS 5.7 · AI score 5.3 · EPSS 0.00115
Exploits: 1 · References: 4 · Affected Software: 1

OSV
added 2022/06/25 7:19 a.m. · 16 views

GHSA-8F4F-V9X5-CG6J CloudCore UDS Server: Malicious Message can crash CloudCore

Impact: A malicious message can crash CloudCore by triggering a null-pointer dereference in the UDS Server. Since the UDS Server only communicates with the CSI Driver on the cloud side, the attack is limited to the local host network. As such, an attacker would already need to be an authenticated...

CVSS 4.2 · AI score 4.7 · EPSS 0.00115
Exploits: 1 · References: 4

Positive Technologies
added 2022/06/25 12:00 a.m. · 1 views

PT-2022-20511 · Kubeedge · Kubeedge

Name of the Vulnerable Software and Affected Versions: KubeEdge versions prior to 1.11.0; KubeEdge versions prior to 1.10.1; KubeEdge versions prior to 1.9.3. Description: A malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. The attack is limited to the...

CVSS 5.7 · AI score 6.9 · EPSS 0.00115
Exploits: 1 · References: 9

RedhatCVE
added 2020/04/08 9:12 p.m. · 21 views

CVE-2018-8779

It was found that the UNIXSocket::open and UNIXServer::open Ruby methods did not handle the NULL byte properly. An attacker, able to inject NULL bytes in the socket path, could possibly trigger an unspecified behavior of the Ruby script. Mitigation: It is possible to test for presence of the NULL...

CVSS 7.5 · AI score 1.2 · EPSS 0.01284
Exploits: 0 · References: 2

Amazon
added 2019/08/23 12:00 a.m. · 74 views

Medium: ruby

Issue Overview: It was found that WEBrick could be forced to use an excessive amount of memory during the processing of HTTP requests, leading to a Denial of Service. An attacker could use this flaw to send huge requests to a WEBrick application, resulting in the server running out of memory...

CVSS 9.8 · AI score 8.2 · EPSS 0.03126
Exploits: 0

Veracode
added 2019/05/16 3:22 a.m. · 30 views

NULL Byte Injection

Ruby is vulnerable to NULL byte injection. This is because the UNIXSocket::open and UNIXServer::open Ruby methods do not handle the NULL byte properly. An attacker could make and accept the socket file in an unintended path if a script accepts an external input as the argument o...

CVSS 7.5 · AI score 8.5 · EPSS 0.01284
Exploits: 0 · References: 19 · Affected Software: 4

RedHat Linux
added 2018/11/29 10:10 a.m. · 1 views

ruby: Unintentional socket creation by poisoned NULL byte in UNIXServer and UNIXSocket

It was found that the UNIXSocket::open and UNIXServer::open ruby methods did not handle the NULL byte properly. An attacker, able to inject NULL bytes in the socket path, could possibly trigger an unspecified behavior of the ruby script...

CVSS 7.5 · AI score 7.3 · EPSS 0.01284
Exploits: 0 · References: 5

Tenable Nessus
added 2018/09/18 12:00 a.m. · 36 views

EulerOS Virtualization 2.5.1 : ruby (EulerOS-SA-2018-1275)

According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - It was found that the tmpdir and tempfile modules did not sanitize their file name argument. An attacker with control over the name...

CVSS 9.1 · AI score 7.2 · EPSS 0.02372
Exploits: 0 · References: 6

Tenable Nessus
added 2018/07/03 12:00 a.m. · 47 views

EulerOS 2.0 SP3 : ruby (EulerOS-SA-2018-1207)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - It was found that the tmpdir and tempfile modules did not sanitize their file name argument. An attacker with control over the name could create...

CVSS 9.8 · AI score 7.2 · EPSS 0.02372
Exploits: 0 · References: 8

Tenable Nessus
added 2018/07/03 12:00 a.m. · 39 views

EulerOS 2.0 SP2 : ruby (EulerOS-SA-2018-1206)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - It was found that the tmpdir and tempfile modules did not sanitize their file name argument. An attacker with control over the name could create...

CVSS 9.1 · AI score 7.2 · EPSS 0.02372
Exploits: 0 · References: 6

Prion
added 2018/04/03 10:29 p.m. · 16 views

Design/Logic Flaw

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket...

CVSS 5 · AI score 8.3 · EPSS 0.01284
Exploits: 0 · References: 17 · Affected Software: 3

Cvelist
added 2018/04/03 10:00 p.m. · 17 views

CVE-2018-8779

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket...

AI score 7.2 · EPSS 0.01284
Exploits: 0 · References: 17

CVE
added 2018/04/03 10:00 p.m. · 238 views

CVE-2018-8779

CVE-2018-8779 is a Ruby vulnerability in which UNIXServer.open and UNIXSocket.open did not check for NULL (NUL) bytes in the path, potentially creating an unintended socket. Public details in the provided documents show affected series include Ruby 2.2.x prior to 2.2.10, 2.3.x prior to 2.3.7, 2.4...

CVSS 7.5 · AI score 7 · EPSS 0.01284
Exploits: 0 · References: 17 · Affected Software: 1