sleepwithoutbz/cve
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
cve/DoS_result/pure_from_description_11-25.log
sleepwithoutbz 5eb154c4e1 Add some result scripts and results.
2025-10-06 11:29:53 +08:00

76 lines
8.2 KiB
Plaintext
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

cve: ./data/2011/2xxx/CVE-2011-2189.json
net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd.
analysis: {"Container":"[存在CVE的容器镜像]","CVE_Reason""[容器的运行会导致宿主机内存资源被大量占用]""CVE_Consequence":"[该CVE可能导致拒绝服务攻击严重程度较高]"}
cve: ./data/2012/2xxx/CVE-2012-2127.json
fs/proc/root.c in the procfs implementation in the Linux kernel before 3.2 does not properly interact with CLONE_NEWPID clone system calls, which allows remote attackers to cause a denial of service (reference leak and memory consumption) by making many connections to a daemon that uses PID namespaces to isolate clients, as demonstrated by vsftpd.
analysis: {"Container":"[存在CVE的容器镜像]","CVE_Reason""[容器的运行会导致宿主机内存资源被大量占用]""CVE_Consequence":"[该CVE可能导致内存消耗过大进而引发拒绝服务攻击严重程度较高]"}
cve: ./data/2013/4xxx/CVE-2013-4205.json
Memory leak in the unshare_userns function in kernel/user_namespace.c in the Linux kernel before 3.10.6 allows local users to cause a denial of service (memory consumption) via an invalid CLONE_NEWUSER unshare call.
analysis: {"Container":"[存在CVE的容器镜像]","CVE_Reason""[容器的运行会导致宿主机内存资源被大量占用]","CVE_Consequence":"[该CVE可能导致内存泄漏进而造成拒绝服务攻击严重程度较高]"}
cve: ./data/2014/5xxx/CVE-2014-5207.json
fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a "mount -o remount" command within a user namespace.
analysis: {"Container":"[存在CVE的容器镜像]","CVE_Reason""[容器的运行可能会导致宿主机文件系统更新操作过多从而消耗大量CPU或硬盘资源]","CVE_Consequence":"[该CVE可能导致本地用户通过特定命令引发拒绝服务攻击严重程度较高]"}
cve: ./data/2014/8xxx/CVE-2014-8171.json
The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup.
analysis: {"Container":"[存在CVE的容器镜像]","CVE_Reason""容器的运行会导致宿主机内存资源被大量占用","CVE_Consequence":"该CVE可能导致拒绝服务死锁严重程度较高"}
cve: ./data/2016/6xxx/CVE-2016-6213.json
fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls, as demonstrated by a loop that triggers exponential growth in the number of mounts.
analysis: {"Container":"[存在CVE的容器镜像]","CVE_Reason""[容器的运行会导致宿主机内存资源被大量占用,并可能引发死锁]""CVE_Consequence":"[该CVE可能导致宿主机内存耗尽及系统死锁严重程度高]"}
cve: ./data/2016/8xxx/CVE-2016-8579.json
docker2aci <= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain.
analysis: {"Container":"docker2aci","CVE_Reason":"容器的运行会导致宿主机CPU资源被大量占用","CVE_Consequence":"该CVE可能导致系统性能下降严重程度为高"}
cve: ./data/2016/9xxx/CVE-2016-9191.json
The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity.
analysis: {"Container":"[存在CVE的容器镜像]","CVE_Reason""[容器的运行会导致宿主机系统挂起可能是由于CPU或其它资源被大量占用]","CVE_Consequence":"[该CVE可能导致系统拒绝服务系统挂起严重程度较高]"}
cve: ./data/2017/11xxx/CVE-2017-11468.json
Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.
analysis: {"Container":"Docker Registry","CVE_Reason":"容器的运行会导致宿主机内存资源被大量占用","CVE_Consequence":"该CVE可能导致远程攻击者通过manifest endpoint造成拒绝服务严重程度较高"}
cve: ./data/2017/14xxx/CVE-2017-14179.json
Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers.
analysis: {"Container":"[存在CVE的容器镜像]","CVE_Reason""[容器的运行会导致宿主机资源被大量占用,具体为资源耗尽问题]","CVE_Consequence":"[该CVE可能导致拒绝服务攻击资源耗尽甚至获得root权限或逃逸容器严重程度较高]"}
cve: ./data/2017/14xxx/CVE-2017-14180.json
Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179.
analysis: {"Container":"Apport","CVE_Reason":"容器的运行会导致宿主机内存资源或CPU资源被大量占用造成资源耗尽问题","CVE_Consequence":"该CVE可能导致拒绝服务攻击严重程度较高还可能带来提权风险"}
cve: ./data/2017/14xxx/CVE-2017-14992.json
Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.
analysis: {"Container":"Docker-CE (Moby)","CVE_Reason":"容器的运行会导致宿主机CPU资源和内存资源被大量占用","CVE_Consequence":"该CVE可能导致拒绝服务DoS严重程度较高"}
cve: ./data/2018/10xxx/CVE-2018-10205.json
hyperstart 1.0.0 in HyperHQ Hyper has memory leaks in the container_setup_modules and hyper_rescan_scsi functions in container.c, related to runV 1.0.0 for Docker.
analysis: {"Container":"hyperstart 1.0.0","CVE_Reason":"容器的运行会导致宿主机内存资源被泄漏","CVE_Consequence":"内存泄漏会逐渐消耗宿主机的内存资源,可能导致系统性能下降或崩溃,严重程度较高"}
cve: ./data/2018/1xxx/CVE-2018-1277.json
Cloud Foundry Garden-runC, versions prior to 1.13.0, does not correctly enforce disc quotas for Docker image layers. A remote authenticated user may push an app with a malicious Docker image that will consume more space on a Diego cell than allocated in their quota, potentially causing a DoS against the cell.
analysis: {"Container":"Cloud Foundry Garden-runC","CVE_Reason":"容器的运行会导致宿主机硬盘空间资源被大量占用","CVE_Consequence":"恶意Docker镜像会消耗超出配额的磁盘空间可能导致Diego cell拒绝服务DoS严重程度较高"}
cve: ./data/2018/20xxx/CVE-2018-20699.json
Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go.
analysis: {"Container":"Docker Engine","CVE_Reason":"容器的运行会导致宿主机内存资源被大量占用","CVE_Consequence":"该CVE可能导致宿主机内存消耗过多从而引发拒绝服务攻击严重程度较高"}
Reference in New Issue View Git Blame Copy Permalink