CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3664 – jenkins: directory traversal flaw (SECURITY-131)
https://notcve.org/view.php?id=CVE-2014-3664
15 Oct 2014 — Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a usuarios remotos autenticados con el permiso Overall/READ leer archivos arbitrarios a través de vectores no especificados OpenShift Enterprise by Red Hat is the company's cloud computi... • https://access.redhat.com/errata/RHSA-2016:0070 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3681 – jenkins: cross-site scripting flaw in Jenkins core (SECURITY-143)
https://notcve.org/view.php?id=CVE-2014-3681
15 Oct 2014 — Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS in Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for ... • https://access.redhat.com/errata/RHSA-2016:0070 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 1%CPEs: 13EXPL: 0CVE-2014-3496 – Origin: Command execution as root via downloadable cartridge source-url
https://notcve.org/view.php?id=CVE-2014-3496
18 Jun 2014 — cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file. cartridge_repository.rb en OpenShift Origin and Enterprise 1.2.8 hasta 2.1.1 permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en una Url de fuente que termina con una extensión de fichero (... • http://rhn.redhat.com/errata/RHSA-2014-0762.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2014-0233 – OpenShift: downloadable cartridge source url file command execution as root
https://notcve.org/view.php?id=CVE-2014-0233
22 May 2014 — Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme. Red Hat OpenShift Enterprise 2.0 y 2.1 y OpenShift Origin permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de meta-caracteres de shell en el nombre del directorio referenciado por un cartucho (cartridge), usando el fichero : URI scheme. The rubygem-o... • http://rhn.redhat.com/errata/RHSA-2014-0529.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-0164 – mcollective: world readable client config
https://notcve.org/view.php?id=CVE-2014-0164
02 May 2014 — openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file. openshift-origin-broker-util, utilizado en Red Hat OpenShift Enterprise 1.2.7 y 2.0.5, utiliza permisos de lectura universal para el archivo de configuración de mcollective client.cfg, lo que permite a usuarios locales obtener credenciales y ... • http://rhn.redhat.com/errata/RHSA-2014-0460.html • CWE-310: Cryptographic Issues CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-0188 – OpenShift: openshift-origin-broker plugin allows impersonation
https://notcve.org/view.php?id=CVE-2014-0188
23 Apr 2014 — The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to a passthrough trigger. El openshift-origin-broker en Red Hat OpenShift Enterprise 2.0.5, 1.2.7, y anteriores no maneja adecuadamente las peticiones de autenticación provenientes del plugin de autenticación de us... • http://rhn.redhat.com/errata/RHSA-2014-0422.html • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0CVE-2014-1869 – stapler-adjunct-zeroclipboard: multiple cross-site scripting (XSS) flaws
https://notcve.org/view.php?id=CVE-2014-1869
08 Feb 2014 — Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters). Múltiples vulnerabilidades de XSS en ZeroClipboard.swf en ZeroClipboard anterior a 1.3.2, mantenido por Jon Rohan y James M. Greene, permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través de vect... • http://secunia.com/advisories/56821 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 2CVE-2013-2186 – commons-fileupload: Arbitrary file upload via deserialization
https://notcve.org/view.php?id=CVE-2013-2186
16 Oct 2013 — The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance. La clase DiskFileItem en Apache Commons FileUpload, tal como se utiliza en Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2 y 6.0.0; y Red Hat JBoss Web Server 1.0.2 permite a atacantes remotos escribir en archivos arbitrarios a tr... • https://github.com/GrrrDog/ACEDcup • CWE-20: Improper Input Validation CWE-626: Null Byte Interaction Error (Poison Null Byte) •
CVSS: 5.8EPSS: 0%CPEs: 25EXPL: 0CVE-2012-2125 – rubygems: Two security fixes in v1.8.23
https://notcve.org/view.php?id=CVE-2012-2125
04 Sep 2013 — RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack. RubyGems anteriores a 1.8.23 pueden redirigir conexiones HTTPS a HTTP, lo cual facilita a atacantes remotos observar o modificar una gema durante la instalación a través de un ataque man-in-the-middle. Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, rel... • http://rhn.redhat.com/errata/RHSA-2013-1203.html •
CVSS: 4.3EPSS: 0%CPEs: 25EXPL: 0CVE-2012-2126 – rubygems: Two security fixes in v1.8.23
https://notcve.org/view.php?id=CVE-2012-2126
04 Sep 2013 — RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack. RubyGems anteriores a 1.8.23 no verifican un certificado SSL, lo cual permite a atacantes remotos modificar una gema durante la instalación a través de un ataque man-in-the-middle. Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing ... • http://rhn.redhat.com/errata/RHSA-2013-1203.html • CWE-310: Cryptographic Issues •