CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2014-3495
https://notcve.org/view.php?id=CVE-2014-3495
duplicity 0.6.24 has improper verification of SSL certificates duplicity versión 0.6.24, presenta una comprobación inapropiada de los certificados SSL. • https://access.redhat.com/security/cve/cve-2014-3495 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3495 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-3495 https://security-tracker.debian.org/tracker/CVE-2014-3495 • CWE-295: Improper Certificate Validation •
CVSS: 4.6EPSS: 0%CPEs: 5EXPL: 0CVE-2014-2387
https://notcve.org/view.php?id=CVE-2014-2387
Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities Pen versión 0.18.0, presenta vulnerabilidades no seguras en la creación de archivos temporales. • http://www.openwall.com/lists/oss-security/2014/03/13/5 http://www.openwall.com/lists/oss-security/2014/03/14/2 http://www.securityfocus.com/bid/66214 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-2387 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-2387 https://exchange.xforce.ibmcloud.com/vulnerabilities/91992 https://security-tracker.debian.org/tracker/CVE-2014-2387 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2013-7370
https://notcve.org/view.php?id=CVE-2013-7370
node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware node-connect versiones anteriores a 2.8.1, presenta una vulnerabilidad de tipo XSS en el middleware Sencha Labs Connect. • http://www.openwall.com/lists/oss-security/2014/04/21/2 http://www.openwall.com/lists/oss-security/2014/05/13/1 https://access.redhat.com/security/cve/cve-2013-7370 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7370 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-7370 https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting https://security-tracker.debian.org/tracker/CVE-2013-7370 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-8179
https://notcve.org/view.php?id=CVE-2014-8179
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation. Docker Engine versiones anteriores a la versión 1.8.3 y CS Docker Engine versiones anteriores a la versión 1.6.2-CS7 no comprueba y extrae apropiadamente el objeto manifiesto desde su representación JSON durante una extracción, lo que permite a atacantes inyectar nuevos atributos en un objeto JSON y omitir la comprobación pull-by-digest. • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00014.html http://lists.opensuse.org/opensuse-updates/2015-10/msg00036.html https://blog.docker.com/2015/10/security-release-docker-1-8-3-1-6-2-cs7 https://github.com/docker/docker/blob/master/CHANGELOG.md#183-2015-10-12 https://groups.google.com/forum/#%21msg/docker-dev/bWVVtLNbFy8/UaefOqMOCAAJ https://www.docker.com/legal/docker-cve-database • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-8178
https://notcve.org/view.php?id=CVE-2014-8178
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands. Docker Engine versiones anteriores a la versión 1.8.3 y CS Docker Engine versiones anteriores a la versión 1.6.2-CS7, no utilizan un identificador único de forma global para almacenar capas de imágenes, lo que facilita a atacantes envenenar la caché de imágenes por medio de una imagen especialmente diseñada en los comandos pull o push. • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00014.html http://lists.opensuse.org/opensuse-updates/2015-10/msg00036.html https://github.com/docker/docker/blob/master/CHANGELOG.md#183-2015-10-12 https://groups.google.com/forum/#%21msg/docker-dev/bWVVtLNbFy8/UaefOqMOCAAJ https://www.docker.com/legal/docker-cve-database • CWE-20: Improper Input Validation •