NotCVE - vendor:"Redhat" product:"Openshift" version:"

Page 12 of 116 results (0.007 seconds)

CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0

CVE-2013-2119 – rubygem-passenger: incorrect temporary file usage

https://notcve.org/view.php?id=CVE-2013-2119

05 Aug 2013 — Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem. Las versiones 3.0.21 y 4.0.x anteriores a 4.0.5 de la gema Phusion Passenger para Ruby permite a usuarios locales causar denegación de servicio (prevención de inicio de la aplicación) u obtener privilegios creando un fichero "con... • http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released • CWE-264: Permissions, Privileges, and Access Controls CWE-377: Insecure Temporary File •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2013-0164 – openshift-origin-port-proxy: openshift-port-proxy-cfg lockwrap() tmp file creation

https://notcve.org/view.php?id=CVE-2013-0164

24 Feb 2013 — The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp. La función "lockwrap" en port-proxy/bin/openshift-port-proxy-cfg en Red Hat OpenShift Origin anterior a v1.1 permite a usuarios locales sobrescribir archivos arbitrarios mediante un ataque de enlaces simbólicos en un archivo temporal con un nombre predecible en /tmp. • http://rhn.redhat.com/errata/RHSA-2013-0220.html • CWE-264: Permissions, Privileges, and Access Controls CWE-377: Insecure Temporary File •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2012-5658 – Origin: rhc-chk.rb password exposure in log files

https://notcve.org/view.php?id=CVE-2012-5658

24 Feb 2013 — rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channels. RHC-chk.rb en Red Hat OpenShift Origin anterior a v1,1, cuando -d (modo de depuración) se utiliza, muestra la contraseña y otra información confidencial en texto plano, lo que permite a atacantes dependientes d... • http://rhn.redhat.com/errata/RHSA-2013-0220.html • CWE-310: Cryptographic Issues •

CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0

CVE-2012-5646 – openshift-origin-node-util: restorer.php preg_match shell code injection

https://notcve.org/view.php?id=CVE-2012-5646

24 Feb 2013 — node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO. node-util/www/html/restorer.php en Red Hat OpenShift Origin anterior a v1.0.5-3 permite a atacantes remotos ejecutar comandos arbitrarios mediante un uuid falsificado en el PATH_INFO. • http://rhn.redhat.com/errata/RHSA-2013-0148.html • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1

CVE-2012-5647 – openshift-origin-node-util: restorer.php arbitrary URL redirection

https://notcve.org/view.php?id=CVE-2012-5647

24 Feb 2013 — Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO. Vulnerabilidad de redirección en node-util/www/html/restorer.php en Red Hat OpenShift Origin anterior a v1.0.5-3 permite a atacantes remotos redirigir usuarios a sitios Web Arbitrarios y llevar a cabo ataques de phishing mediante una URL en el PATH_INFO. • http://rhn.redhat.com/errata/RHSA-2013-0148.html • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2012-5622 – openshift-console: CSRF attack

https://notcve.org/view.php?id=CVE-2012-5622

18 Dec 2012 — Cross-site request forgery (CSRF) vulnerability in the management console (openshift-console/app/controllers/application_controller.rb) in OpenShift 0.0.5 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors. Vulnerabilidad de falsificación de peticiones en sitios cruzados (CSRF) en la consola de gestión (openshift-console/app/controllers/application_controller.rb) en OpenShift v0.0.5 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios a... • http://osvdb.org/88333 • CWE-352: Cross-Site Request Forgery (CSRF) •

1...10 11 12