8 results (0.010 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly. La gema openshift-origin-node de Ruby antes del 14-02-2014, no contiene un tiempo de espera en cronjob lo que podría resultar en una denegación de servicio en cron.daily y cron.weekly. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0084 • CWE-20: Improper Input Validation •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

OpenShift Origin: Improperly validated team names could allow stored XSS attacks OpenShift Origin: los nombres de equipo validados inapropiadamente podrían permitir ataques de tipo XSS almacenados. • https://access.redhat.com/security/cve/cve-2014-3592 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3592 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service (master process crash) via crafted JSON data. Vulnerabilidad en el servidor API en OpenShift Origin 1.0.5, permite a atacantes remotos causar una denegación de servicio (caída del proceso maestro) a través de datos JSON manipulados. It was found that improper error handling in the API server could cause the master process to crash. A user with network access to the master could use this flaw to crash the master process. • https://access.redhat.com/errata/RHSA-2015:1736 https://bugzilla.redhat.com/show_bug.cgi?id=1259867 https://github.com/openshift/origin/issues/4374 https://access.redhat.com/security/cve/CVE-2015-5250 • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 1%CPEs: 13EXPL: 0

cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file. cartridge_repository.rb en OpenShift Origin and Enterprise 1.2.8 hasta 2.1.1 permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en una Url de fuente que termina con una extensión de fichero (1) .tar.gz, (2) .zip, (3) .tgz o (4) .tar en un fichero del manifiesto de cartuchos. • http://rhn.redhat.com/errata/RHSA-2014-0762.html http://rhn.redhat.com/errata/RHSA-2014-0763.html http://rhn.redhat.com/errata/RHSA-2014-0764.html http://secunia.com/advisories/59298 https://bugzilla.redhat.com/show_bug.cgi?id=1110470 https://github.com/openshift/origin-server/pull/5521 https://access.redhat.com/security/cve/CVE-2014-3496 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 3.6EPSS: 0%CPEs: 2EXPL: 0

The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp. La función "lockwrap" en port-proxy/bin/openshift-port-proxy-cfg en Red Hat OpenShift Origin anterior a v1.1 permite a usuarios locales sobrescribir archivos arbitrarios mediante un ataque de enlaces simbólicos en un archivo temporal con un nombre predecible en /tmp. • http://rhn.redhat.com/errata/RHSA-2013-0220.html https://bugzilla.redhat.com/show_bug.cgi?id=893307 https://github.com/openshift/origin-server/commit/524465f70a32d0eb6bf047e6a05c76c22d52bfa2 https://github.com/openshift/origin-server/pull/1136 https://access.redhat.com/security/cve/CVE-2013-0164 • CWE-264: Permissions, Privileges, and Access Controls CWE-377: Insecure Temporary File •