CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8059
https://notcve.org/view.php?id=CVE-2018-8059
The Djelibeybi configuration examples for use of NGINX in SUSE Portus 2.3, when applied to certain configurations involving Docker Compose, have a Missing SSL Certificate Validation issue because no proxy_ssl_* directives are used. Los ejemplos de configuración Djelibeybi para usar NGINX en SUSE Portus 2.3, al aplicarse a ciertas configuraciones relacionadas con Docker Compose, tienen un problema de ausencia de validación de certificados SSL debido a que no se emplea directivas proxy_ssl_*. • http://openwall.com/lists/oss-security/2018/03/07/4 https://exchange.xforce.ibmcloud.com/vulnerabilities/140144 • CWE-295: Improper Certificate Validation •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14621
https://notcve.org/view.php?id=CVE-2017-14621
Portus 2.2.0 has XSS via the Team field, related to typeahead. Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Portus 2.2.0 en el campo Team, relacionado con typeahead. • https://github.com/SUSE/Portus/pull/1425 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •