Page 11 of 58 results (0.009 seconds)

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS in Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • https://access.redhat.com/errata/RHSA-2016:0070 https://bugzilla.redhat.com/show_bug.cgi?id=1147766 https://exchange.xforce.ibmcloud.com/vulnerabilities/96975 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 https://access.redhat.com/security/cve/CVE-2014-3681 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a usuarios remotos autenticados con el permiso Overall/READ leer archivos arbitrarios a través de vectores no especificados • https://access.redhat.com/errata/RHSA-2016:0070 https://bugzilla.redhat.com/show_bug.cgi?id=1147765 https://exchange.xforce.ibmcloud.com/vulnerabilities/96973 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 https://access.redhat.com/security/cve/CVE-2014-3664 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 10.0EPSS: 1%CPEs: 13EXPL: 0

cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file. cartridge_repository.rb en OpenShift Origin and Enterprise 1.2.8 hasta 2.1.1 permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en una Url de fuente que termina con una extensión de fichero (1) .tar.gz, (2) .zip, (3) .tgz o (4) .tar en un fichero del manifiesto de cartuchos. • http://rhn.redhat.com/errata/RHSA-2014-0762.html http://rhn.redhat.com/errata/RHSA-2014-0763.html http://rhn.redhat.com/errata/RHSA-2014-0764.html http://secunia.com/advisories/59298 https://bugzilla.redhat.com/show_bug.cgi?id=1110470 https://github.com/openshift/origin-server/pull/5521 https://access.redhat.com/security/cve/CVE-2014-3496 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1

Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme. Red Hat OpenShift Enterprise 2.0 y 2.1 y OpenShift Origin permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de meta-caracteres de shell en el nombre del directorio referenciado por un cartucho (cartridge), usando el fichero : URI scheme. • http://rhn.redhat.com/errata/RHSA-2014-0529.html http://rhn.redhat.com/errata/RHSA-2014-0530.html https://bugzilla.redhat.com/show_bug.cgi?id=1096955 https://access.redhat.com/security/cve/CVE-2014-0233 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0

openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file. openshift-origin-broker-util, utilizado en Red Hat OpenShift Enterprise 1.2.7 y 2.0.5, utiliza permisos de lectura universal para el archivo de configuración de mcollective client.cfg, lo que permite a usuarios locales obtener credenciales y otra información sensible mediante la lectura del archivo. • http://rhn.redhat.com/errata/RHSA-2014-0460.html http://rhn.redhat.com/errata/RHSA-2014-0461.html https://access.redhat.com/security/cve/CVE-2014-0164 https://bugzilla.redhat.com/show_bug.cgi?id=1083847 • CWE-310: Cryptographic Issues CWE-732: Incorrect Permission Assignment for Critical Resource •