CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-0163
https://notcve.org/view.php?id=CVE-2014-0163
11 Dec 2019 — Openshift has shell command injection flaws due to unsanitized data being passed into shell commands. OpenShift presenta fallos de inyección de comandos de shell debido a que los datos no saneados son pasados a los comandos de shell. • https://access.redhat.com/security/cve/cve-2014-0163 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-0163
https://notcve.org/view.php?id=CVE-2013-0163
05 Dec 2019 — OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS Un cartucho haproxy de OpenShift: un /tmp predecible en el enlace de conexión set-proxy que podría facilitar una DoS. • https://access.redhat.com/security/cve/cve-2013-0163 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 5.9EPSS: 0%CPEs: 10EXPL: 1CVE-2013-5123 – phlyLabs phlyMail Lite 4.03.04 - 'go' Open Redirect
https://notcve.org/view.php?id=CVE-2013-5123
05 Nov 2019 — The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. El soporte de duplicación (-M, --use-mirrors) en Python Pip versiones anteriores a la versión 1.5, utiliza consultas DNS no seguras y comprobaciones de autenticidad que permiten a atacantes realizar ataques de tipo man-in-the-middle. • https://www.exploit-db.com/exploits/24086 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-10885
https://notcve.org/view.php?id=CVE-2018-10885
05 Jul 2018 — In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. An attacker can use this flaw to cause a Denial of Service (DoS) attack on an Openshift 3.9, or 3.7 Cluster. En atomic-openshift en versiones anteriores a la 3.10.9 una configuración network-policy maliciosa puede provocar que Openshift Routing se cierre inesperadamente al emplear el plugin ovs-networkpolicy. Un atacante puede emplear este error para pr... • http://www.securityfocus.com/bid/104688 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2013-4364
https://notcve.org/view.php?id=CVE-2013-4364
08 Jan 2018 — (1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp. (1) oo-analytics-export y (2) oo-analytics-import en el paquete openshift-origin-broker-util en Red Hat OpenShift Enterprise 1 y 2 permiten que los usuarios locales provoquen un impacto sin especificar mediante un ataque symlink en un archivo no especificado en /tmp. • https://bugzilla.redhat.com/show_bug.cgi?id=1009734 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2015-7537 – jenkins: CSRF vulnerability in some administrative actions (SECURITY-225)
https://notcve.org/view.php?id=CVE-2015-7537
27 Jan 2016 — Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method. Vulnerabilidad de CSRF en Jenkins en versiones anteriores a 1.640 y LTS en versiones anteriores a 1.625.2 permite a atacantes remotos secuestrar la autenticación de los administradores en peticiones que tienen un impacto no especificado a través de vectores re... • http://rhn.redhat.com/errata/RHSA-2016-0489.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2015-7538 – jenkins: CSRF protection ineffective (SECURITY-233)
https://notcve.org/view.php?id=CVE-2015-7538
27 Jan 2016 — Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors. Jenkins en versiones anteriores a 1.640 y LTS en versiones anteriores a 1.625.2 permite a atacantes remotos eludir el mecanismo de protección CSRF a través de vectores no especificados. OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. The following security issues are addressed ... • http://rhn.redhat.com/errata/RHSA-2016-0489.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2015-5318 – jenkins: Public value used for CSRF protection salt (SECURITY-169)
https://notcve.org/view.php?id=CVE-2015-5318
25 Nov 2015 — Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack. Jenkins en versiones anteriores a 1.638 y LTS en versiones anteriores a 1.625.2 utiliza un salt de acceso público para generar tokens de protección CSRF, lo que hace que sea más fácil para atacantes remotos eludir el mecanismo de protección CSRF a través de un ataque de fuerza bruta. OpenSh... • http://rhn.redhat.com/errata/RHSA-2016-0489.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2015-5319 – jenkins: XXE injection into job configurations via CLI (SECURITY-173)
https://notcve.org/view.php?id=CVE-2015-5319
25 Nov 2015 — XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job. Vulnerabilidad XXE en el comando create-job en CLI en Jenkins en versiones anteriores a 1.638 y LTS en versiones anteriores a 1.625.2 permite a atacantes remotos leer archivos arbitrarios a través de una configuración de trabajo m... • http://rhn.redhat.com/errata/RHSA-2016-0489.html •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2015-5320 – jenkins: Secret key not verified when connecting a slave (SECURITY-184)
https://notcve.org/view.php?id=CVE-2015-5320
25 Nov 2015 — Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave. Jenkins en versiones anteriores a 1.638 y LTS en versiones anteriores a 1.625.2 no verifica adecuadamente el secreto compartido utilizado en conexiones esclavo JNLP, lo que permite a atacantes remotos conectar como esclavos ... • http://rhn.redhat.com/errata/RHSA-2016-0489.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •