CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2012-6135
https://notcve.org/view.php?id=CVE-2012-6135
19 Nov 2019 — RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process. RubyGems passenger versión 4.0.0 betas 1 y 2, permite a atacantes remotos eliminar archivos arbitrarios durante el proceso de inicio. • http://www.openwall.com/lists/oss-security/2013/03/02/1 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 12%CPEs: 10EXPL: 1CVE-2013-5123 – phlyLabs phlyMail Lite 4.03.04 - 'go' Open Redirect
https://notcve.org/view.php?id=CVE-2013-5123
05 Nov 2019 — The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. El soporte de duplicación (-M, --use-mirrors) en Python Pip versiones anteriores a la versión 1.5, utiliza consultas DNS no seguras y comprobaciones de autenticidad que permiten a atacantes realizar ataques de tipo man-in-the-middle. • https://www.exploit-db.com/exploits/24086 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2018-10875 – ansible: ansible.cfg is being read from current working directory allowing possible code execution
https://notcve.org/view.php?id=CVE-2018-10875
10 Jul 2018 — A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. Se ha encontrado un error en ansible. ansible.cfg se lee desde el directorio de trabajo actual, que puede alterarse para hacer que señale a un plugin o una ruta de módulo bajo el control de un atacante, permitiendo que el atacante ejecute código arbitrario. It was found th... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html • CWE-426: Untrusted Search Path •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-10885
https://notcve.org/view.php?id=CVE-2018-10885
05 Jul 2018 — In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. An attacker can use this flaw to cause a Denial of Service (DoS) attack on an Openshift 3.9, or 3.7 Cluster. En atomic-openshift en versiones anteriores a la 3.10.9 una configuración network-policy maliciosa puede provocar que Openshift Routing se cierre inesperadamente al emplear el plugin ovs-networkpolicy. Un atacante puede emplear este error para pr... • http://www.securityfocus.com/bid/104688 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2017-2611
https://notcve.org/view.php?id=CVE-2017-2611
08 May 2018 — Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additional load on Jenkins master and agents. Jenkins en versiones anteriores a la 2.44, 2.32.2 es vulnerable a una exposición de información en la API interna que ... • http://www.securityfocus.com/bid/95956 • CWE-358: Improperly Implemented Security Check for Standard CWE-863: Incorrect Authorization •
CVSS: 9.9EPSS: 1%CPEs: 10EXPL: 0CVE-2018-1102 – source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go
https://notcve.org/view.php?id=CVE-2018-1102
27 Apr 2018 — A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation. Se ha encontrado un error en la función source-to-image tal y como se distribuye con Openshift Enterprise 3.x. Una validación incorrecta de archivos tar en ExtractTarStreamFromTarReader en tar/tar.go conduce a un escalado de privilegios. Source-to-Image is a tool for building reproducible container images... • https://access.redhat.com/errata/RHSA-2018:1227 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0CVE-2018-1059 – dpdk: Information exposure in unchecked guest physical to host virtual address translations
https://notcve.org/view.php?id=CVE-2018-1059
24 Apr 2018 — The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable. La interfaz vhost de usuario de DPDK no verifica que el rango físico invitado solicitado esté mapeado y sea contiguo al realizar traducciones de direcciones físicas de invitado a direc... • https://access.redhat.com/errata/RHSA-2018:1267 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 9EXPL: 0CVE-2017-7534
https://notcve.org/view.php?id=CVE-2017-7534
11 Apr 2018 — OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when viewing the log files for a pod. Las versiones 3.x de OpenShift Enterprise son vulnerables a Cross-Site Scripting (XSS) persistente mediante el visor de logs para pods. El error se debe a la falta de saneamiento de entradas de usuario, específicamente los caracteres de e... • http://www.securityfocus.com/bid/103754 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2013-4364
https://notcve.org/view.php?id=CVE-2013-4364
08 Jan 2018 — (1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp. (1) oo-analytics-export y (2) oo-analytics-import en el paquete openshift-origin-broker-util en Red Hat OpenShift Enterprise 1 y 2 permiten que los usuarios locales provoquen un impacto sin especificar mediante un ataque symlink en un archivo no especificado en /tmp. • https://bugzilla.redhat.com/show_bug.cgi?id=1009734 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0238
https://notcve.org/view.php?id=CVE-2015-0238
25 Sep 2017 — selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack. selinux-policy tal y como está incluido en Red Hat OpenShift 2 permite que los atacantes obtengan información de la lista de procesos mediante un ataque de escalado de privilegios. • https://access.redhat.com/security/cve/CVE-2015-0238 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •