Page 24 of 127 results (0.014 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim. Existe un error de Cross-Site Scripting (XSS) en el componente tetonic-console de Openshift Container Platform 3.11. Un atacante que pueda crear pods puede emplear este error para realizar acciones en la API K8s como víctima. • http://www.securityfocus.com/bid/105190 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10937 https://github.com/openshift/console/commit/d56666852da6e7309a2e63a49f49a72ff66d309c https://github.com/openshift/console/pull/461 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.7EPSS: 0%CPEs: 5EXPL: 0

An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management. Puede ocurrir una escritura fuera de límites al parchear un objeto Openshift mediante la funcionalidad "oc patch" en OpenShift Container Platform, en versiones anteriores a la 3.7. Un atacante puede emplear este error para provocar un ataque de denegación de servicio (DoS) en el servicio de la API maestra de Openshift que gestiona los clústeres. An out of bounds write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform 3.x. • https://access.redhat.com/errata/RHBA-2018:2652 https://access.redhat.com/errata/RHSA-2018:2654 https://access.redhat.com/errata/RHSA-2018:2709 https://access.redhat.com/errata/RHSA-2018:2906 https://access.redhat.com/errata/RHSA-2018:2908 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14632 https://github.com/evanphx/json-patch/commit/4c9aadca8f89e349c999f04e28199e96e81aba03#diff-65c563bba473be9d94ce4d033f74810e https://access.redhat.com/security/cve/CVE-2018-14632 https://bugzilla.redhat. • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact. En Artifex Ghostscript en versiones anteriores a la 9.24, los atacantes que puedan proporcionar archivos PostScript manipulados al convertidor PDF14 integrado podrían emplear un uso de memoria previamente liberada en el manejo de copydevice para provocar el cierre inesperado del intérprete u otro tipo de impacto sin especificar. It was discovered that the ghostscript PDF14 compositor did not properly handle the copying of a device. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=c432131c3fdb2143e148e8ba88555f7f7a63b25e https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:0229 https://bugs.ghostscript.com/show_bug.cgi?id=699661 https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html https://security.gentoo.org/glsa/201811-12 https://usn.ubuntu.com/3768-1 https://www.artifex.com/news/ghostscript-security-resolved https://www.debian.org/security/2018/dsa-4 • CWE-416: Use After Free •

CVSS: 8.1EPSS: 1%CPEs: 4EXPL: 0

In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written. En todas las versiones de Node.js anteriores a la 6.14.4, 8.11.4 y 10.9.0, cuando se utiliza con codificación UCS-2 (reconocida por Node.js bajo los nombres "ucs2", "ucs-2", "utf16le" y "utf-16le"), se puede explotar "Buffer#write()" para escribir fuera de los límites de un búfer. Las escrituras que empiezan desde la segunda hasta la última posición de un búfer provocan un error de cálculo de la longitud máxima de los bytes de entrada que se van a escribir. • http://www.securityfocus.com/bid/105127 https://access.redhat.com/errata/RHSA-2018:2552 https://access.redhat.com/errata/RHSA-2018:2553 https://access.redhat.com/errata/RHSA-2018:2944 https://access.redhat.com/errata/RHSA-2018:2949 https://access.redhat.com/errata/RHSA-2018:3537 https://nodejs.org/en/blog/vulnerability/august-2018-security-releases https://security.gentoo.org/glsa/202003-48 https://access.redhat.com/security/cve/CVE-2018-12115 https://bugzilla.redhat.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0

Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file. Poppler hasta la versión 0.62 contiene una vulnerabilidad de lectura fuera de límites debido a un acceso incorrecto a la memoria que no se mapea en su espacio de memoria, tal y como queda demostrado con pdfunite. Esto puede resultar en la corrupción de memoria y una denegación de servicio (DoS). • http://packetstormsecurity.com/files/148661/PDFunite-0.62.0-Buffer-Overflow.html https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3140 https://access.redhat.com/errata/RHSA-2018:3505 https://bugzilla.novell.com/show_bug.cgi?id=CVE-2018-13988 https://bugzilla.redhat.com/show_bug.cgi?id=1602838 https://cgit.freedesktop.org/poppler/poppler/commit/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee https://lists.debian.org/debian-lts-announce/2018/10/msg00024.ht • CWE-125: Out-of-bounds Read •