Add some result scripts and results.
75
DoS_result/pure_from_description_11-25.log
Normal file
@@ -0,0 +1,75 @@
|
||||
cve: ./data/2011/2xxx/CVE-2011-2189.json
|
||||
net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd.
|
||||
|
||||
analysis: {"Container":"[存在CVE的容器镜像]","CVE_Reason":"[容器的运行会导致宿主机内存资源被大量占用]","CVE_Consequence":"[该CVE可能导致拒绝服务攻击,严重程度较高]"}
|
||||
|
||||
cve: ./data/2012/2xxx/CVE-2012-2127.json
|
||||
fs/proc/root.c in the procfs implementation in the Linux kernel before 3.2 does not properly interact with CLONE_NEWPID clone system calls, which allows remote attackers to cause a denial of service (reference leak and memory consumption) by making many connections to a daemon that uses PID namespaces to isolate clients, as demonstrated by vsftpd.
|
||||
|
||||
analysis: {"Container":"[存在CVE的容器镜像]","CVE_Reason":"[容器的运行会导致宿主机内存资源被大量占用]","CVE_Consequence":"[该CVE可能导致内存消耗过大,进而引发拒绝服务攻击,严重程度较高]"}
|
||||
|
||||
cve: ./data/2013/4xxx/CVE-2013-4205.json
|
||||
Memory leak in the unshare_userns function in kernel/user_namespace.c in the Linux kernel before 3.10.6 allows local users to cause a denial of service (memory consumption) via an invalid CLONE_NEWUSER unshare call.
|
||||
|
||||
analysis: {"Container":"[存在CVE的容器镜像]","CVE_Reason":"[容器的运行会导致宿主机内存资源被大量占用]","CVE_Consequence":"[该CVE可能导致内存泄漏,进而造成拒绝服务攻击,严重程度较高]"}
|
||||
|
||||
cve: ./data/2014/5xxx/CVE-2014-5207.json
|
||||
fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a "mount -o remount" command within a user namespace.
|
||||
|
||||
analysis: {"Container":"[存在CVE的容器镜像]","CVE_Reason":"[容器的运行可能会导致宿主机文件系统更新操作过多,从而消耗大量CPU或硬盘资源]","CVE_Consequence":"[该CVE可能导致本地用户通过特定命令引发拒绝服务攻击,严重程度较高]"}
|
||||
|
||||
cve: ./data/2014/8xxx/CVE-2014-8171.json
|
||||
The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup.
|
||||
|
||||
analysis: {"Container":"[存在CVE的容器镜像]","CVE_Reason":"容器的运行会导致宿主机内存资源被大量占用","CVE_Consequence":"该CVE可能导致拒绝服务(死锁),严重程度较高"}
|
||||
|
||||
cve: ./data/2016/6xxx/CVE-2016-6213.json
|
||||
fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls, as demonstrated by a loop that triggers exponential growth in the number of mounts.
|
||||
|
||||
analysis: {"Container":"[存在CVE的容器镜像]","CVE_Reason":"[容器的运行会导致宿主机内存资源被大量占用,并可能引发死锁]","CVE_Consequence":"[该CVE可能导致宿主机内存耗尽及系统死锁,严重程度高]"}
|
||||
|
||||
cve: ./data/2016/8xxx/CVE-2016-8579.json
|
||||
docker2aci <= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain.
|
||||
|
||||
analysis: {"Container":"docker2aci","CVE_Reason":"容器的运行会导致宿主机CPU资源被大量占用","CVE_Consequence":"该CVE可能导致系统性能下降,严重程度为高"}
|
||||
|
||||
cve: ./data/2016/9xxx/CVE-2016-9191.json
|
||||
The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity.
|
||||
|
||||
analysis: {"Container":"[存在CVE的容器镜像]","CVE_Reason":"[容器的运行会导致宿主机系统挂起,可能是由于CPU或其它资源被大量占用]","CVE_Consequence":"[该CVE可能导致系统拒绝服务(系统挂起),严重程度较高]"}
|
||||
|
||||
cve: ./data/2017/11xxx/CVE-2017-11468.json
|
||||
Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.
|
||||
|
||||
analysis: {"Container":"Docker Registry","CVE_Reason":"容器的运行会导致宿主机内存资源被大量占用","CVE_Consequence":"该CVE可能导致远程攻击者通过manifest endpoint造成拒绝服务,严重程度较高"}
|
||||
|
||||
cve: ./data/2017/14xxx/CVE-2017-14179.json
|
||||
Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers.
|
||||
|
||||
analysis: {"Container":"[存在CVE的容器镜像]","CVE_Reason":"[容器的运行会导致宿主机资源被大量占用,具体为资源耗尽问题]","CVE_Consequence":"[该CVE可能导致拒绝服务攻击,资源耗尽,甚至获得root权限或逃逸容器,严重程度较高]"}
|
||||
|
||||
cve: ./data/2017/14xxx/CVE-2017-14180.json
|
||||
Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179.
|
||||
|
||||
analysis: {"Container":"Apport","CVE_Reason":"容器的运行会导致宿主机内存资源或CPU资源被大量占用,造成资源耗尽问题","CVE_Consequence":"该CVE可能导致拒绝服务攻击,严重程度较高,还可能带来提权风险"}
|
||||
|
||||
cve: ./data/2017/14xxx/CVE-2017-14992.json
|
||||
Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.
|
||||
|
||||
analysis: {"Container":"Docker-CE (Moby)","CVE_Reason":"容器的运行会导致宿主机CPU资源和内存资源被大量占用","CVE_Consequence":"该CVE可能导致拒绝服务(DoS),严重程度较高"}
|
||||
|
||||
cve: ./data/2018/10xxx/CVE-2018-10205.json
|
||||
hyperstart 1.0.0 in HyperHQ Hyper has memory leaks in the container_setup_modules and hyper_rescan_scsi functions in container.c, related to runV 1.0.0 for Docker.
|
||||
|
||||
analysis: {"Container":"hyperstart 1.0.0","CVE_Reason":"容器的运行会导致宿主机内存资源被泄漏","CVE_Consequence":"内存泄漏会逐渐消耗宿主机的内存资源,可能导致系统性能下降或崩溃,严重程度较高"}
|
||||
|
||||
cve: ./data/2018/1xxx/CVE-2018-1277.json
|
||||
Cloud Foundry Garden-runC, versions prior to 1.13.0, does not correctly enforce disc quotas for Docker image layers. A remote authenticated user may push an app with a malicious Docker image that will consume more space on a Diego cell than allocated in their quota, potentially causing a DoS against the cell.
|
||||
|
||||
analysis: {"Container":"Cloud Foundry Garden-runC","CVE_Reason":"容器的运行会导致宿主机硬盘空间资源被大量占用","CVE_Consequence":"恶意Docker镜像会消耗超出配额的磁盘空间,可能导致Diego cell拒绝服务(DoS),严重程度较高"}
|
||||
|
||||
cve: ./data/2018/20xxx/CVE-2018-20699.json
|
||||
Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go.
|
||||
|
||||
analysis: {"Container":"Docker Engine","CVE_Reason":"容器的运行会导致宿主机内存资源被大量占用","CVE_Consequence":"该CVE可能导致宿主机内存消耗过多,从而引发拒绝服务攻击,严重程度较高"}
|
||||
|
||||