Page 22 of 125 results (0.010 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java that allows attackers with Job/Configure permission, or unauthorized attackers with SCM commit privileges and corresponding pipelines based on Jenkinsfiles set up in Jenkins, to execute arbitrary code on the Jenkins master JVM Existe una vulnerabilidad de omisión del sandbox en Pipeline: Groovy Plugin 2.59 y anteriores en groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java y groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java que permite que los atacantes con el permiso Job/Configure, o atacantes no autorizados con privilegios del commit SCM y las pipelines basadas en Jenkinsfiles establecidas en Jenkins, ejecuten código arbitrario en el maestro JVM de Jenkins. • https://access.redhat.com/errata/RHBA-2019:0326 https://access.redhat.com/errata/RHBA-2019:0327 https://jenkins.io/security/advisory/2018-10-29/#SECURITY-1186 • CWE-269: Improper Privilege Management •

CVSS: 9.8EPSS: 34%CPEs: 14EXPL: 4

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection. En todas las versiones de Kubernetes anteriores a la v1.10.11, v1.11.5 y la v1.12.3, el manejo incorrecto de las respuestas de error a las peticiones de actualización en el proxy en kube-apiserver permitían que las peticiones especialmente manipuladas estableciesen una conexión mediante el servidor de la API de Kubernetes a los servidores del backend y enviasen peticiones arbitrarias en la misma conexión directamente al backend, autenticadas con las credenciales TLS del servidor de la API de Kubernetes empleadas para establecer la conexión con el backend. A privilege escalation vulnerability exists in OpenShift Container Platform which allows for compromise of pods running co-located on a compute node. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers. • https://www.exploit-db.com/exploits/46052 https://www.exploit-db.com/exploits/46053 https://github.com/sh-ubh/CVE-2018-1002105 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html http://www.openwall.com/lists/oss-security/2019/06/28/2 http://www.openwall.com/lists/oss-security/2019/07/06/3 http://www.openwall.com/lists/oss-security/2019/07/06/4 http://www.securityfocus.com/bid/106068 https://access.redhat.com/errata/RHSA-2018:3537 h • CWE-305: Authentication Bypass by Primary Weakness CWE-388: 7PK - Errors •

CVSS: 9.8EPSS: 0%CPEs: 30EXPL: 0

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Perl, en versiones anteriores a la 5.26.3 y versiones 5.28.0.x anteriores a la 5.28.1, tiene un desbordamiento de búfer mediante una expresión regular manipulada que desencadena operaciones inválidas de escritura. • http://seclists.org/fulldisclosure/2019/Mar/49 http://www.securityfocus.com/bid/106145 http://www.securitytracker.com/id/1042181 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:0001 https://access.redhat.com/errata/RHSA-2019:0010 https://access.redhat.com/errata/RHSA-2019:0109 https://access.redhat.com/errata/RHSA-2019:1790 https://access.redhat.com/errata/RHSA-2019:1942 https://access.redhat.com/errata/RHSA-2019:2400 https:&#x • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 1%CPEs: 15EXPL: 1

psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. psi/zdevice2.c en Artifex Ghostscript en versiones anteriores a la 9.26 permite a los atacantes remotos omitir las restricciones de acceso planeadas debido a que el espacio de pila disponible no se comprueba cuando el dispositivo no cambia. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=3005fcb9bb160af199e761e03bc70a9f249a987e http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=aeea342904978c9fe17d85f4906a0f6fcce2d315 http://www.securityfocus.com/bid/106154 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:0229 https://bugs.ghostscript.com/show_bug.cgi?id=700153 https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html https://semmle.com/news/semmle-discovers-severe-vulnerabilit • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8EPSS: 1%CPEs: 15EXPL: 1

psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. psi/zicc.c en Artifex Ghostscript en versiones anteriores a la 9.26 permite a los atacantes remotos omitir las restricciones de acceso planeadas debido a una confusión del tipo setcolorspace. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=67d760ab775dae4efe803b5944b0439aa3c0b04a http://git.ghostscript.com/?p=ghostpdl.git%3Bh=434753adbe8be5534bfb9b7d91746023e8073d16 http://www.securityfocus.com/bid/106154 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:0229 https://bugs.ghostscript.com/show_bug.cgi?id=700169 https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript&# • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •