CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8164
https://notcve.org/view.php?id=CVE-2014-8164
A insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x. Una configuración no segura para la verificación de certificados (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) puede conllevar a una omisión de verificación en Red Hat CloudForms versión 5.x • https://bugzilla.redhat.com/show_bug.cgi?id=1151208 • CWE-295: Improper Certificate Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2256 – Visualizer: Tables and Charts Manager for WordPress <= 3.7.9 - Authenticated (Contributor+) PHAR Deserialization
https://notcve.org/view.php?id=CVE-2022-2256
A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality. Se ha encontrado una vulnerabilidad de tipo Cross-site scripting (XSS) Almacenado en keycloak tal y como es suministrado en Red Hat Single Sign-On versión 7. Este fallo permite a un atacante privilegiado ejecutar scripts maliciosos en la consola de administración, abusando de la funcionalidad de los roles por defecto A Stored Cross-site scripting (XSS) vulnerability was found in keycloak. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality. • https://bugzilla.redhat.com/show_bug.cgi?id=2101942 https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49 https://access.redhat.com/security/cve/CVE-2022-2256 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-502: Deserialization of Untrusted Data •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3650
https://notcve.org/view.php?id=CVE-2014-3650
Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with specially crafted input. Se encontraron múltiples fallos persistentes de tipo cross-site scripting (XSS) en la forma en que Aerogear manejaba determinado contenido suministrado por el usuario. Un atacante remoto podría usar estos fallos para comprometer la aplicación con entradas especialmente diseñadas • https://bugzilla.redhat.com/show_bug.cgi?id=1144212 https://issues.redhat.com/browse/AEROGEAR-5978 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3648
https://notcve.org/view.php?id=CVE-2014-3648
The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus applications is registered with bad deviceTokens, one can generate endless exceptions when those endpoints can't be reached or can slow the server down by purposefully wasting it's time with slow endpoints. Similarly, one can provide whatever HTTP end point they want. This turns the server into a DDOS vector or an anonymizer for the posting of malware and so on. • https://issues.redhat.com/browse/AEROGEAR-6091 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-0068
https://notcve.org/view.php?id=CVE-2014-0068
It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission. Se ha reportado que watchman en openshift node-utils crea /var/run/watchman.pid y /var/log/watchman.ouput con permiso de escritura mundial • https://bugzilla.redhat.com/show_bug.cgi?id=1064100 • CWE-732: Incorrect Permission Assignment for Critical Resource •