Page 34 of 187 results (0.010 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-10937

https://notcve.org/view.php?id=CVE-2018-10937

A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim. Existe un error de Cross-Site Scripting (XSS) en el componente tetonic-console de Openshift Container Platform 3.11. Un atacante que pueda crear pods puede emplear este error para realizar acciones en la API K8s como víctima. • http://www.securityfocus.com/bid/105190 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10937 https://github.com/openshift/console/commit/d56666852da6e7309a2e63a49f49a72ff66d309c https://github.com/openshift/console/pull/461 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.7EPSS: 0%CPEs: 5EXPL: 0

CVE-2018-14632 – atomic-openshift: oc patch with json causes masterapi service crash

https://notcve.org/view.php?id=CVE-2018-14632

An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management. Puede ocurrir una escritura fuera de límites al parchear un objeto Openshift mediante la funcionalidad "oc patch" en OpenShift Container Platform, en versiones anteriores a la 3.7. Un atacante puede emplear este error para provocar un ataque de denegación de servicio (DoS) en el servicio de la API maestra de Openshift que gestiona los clústeres. An out of bounds write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform 3.x. • https://access.redhat.com/errata/RHBA-2018:2652 https://access.redhat.com/errata/RHSA-2018:2654 https://access.redhat.com/errata/RHSA-2018:2709 https://access.redhat.com/errata/RHSA-2018:2906 https://access.redhat.com/errata/RHSA-2018:2908 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14632 https://github.com/evanphx/json-patch/commit/4c9aadca8f89e349c999f04e28199e96e81aba03#diff-65c563bba473be9d94ce4d033f74810e https://access.redhat.com/security/cve/CVE-2018-14632 https://bugzilla.redhat. • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0

CVE-2018-16540 – ghostscript: use-after-free in copydevice handling (699661)

https://notcve.org/view.php?id=CVE-2018-16540

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact. En Artifex Ghostscript en versiones anteriores a la 9.24, los atacantes que puedan proporcionar archivos PostScript manipulados al convertidor PDF14 integrado podrían emplear un uso de memoria previamente liberada en el manejo de copydevice para provocar el cierre inesperado del intérprete u otro tipo de impacto sin especificar. It was discovered that the ghostscript PDF14 compositor did not properly handle the copying of a device. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=c432131c3fdb2143e148e8ba88555f7f7a63b25e https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:0229 https://bugs.ghostscript.com/show_bug.cgi?id=699661 https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html https://security.gentoo.org/glsa/201811-12 https://usn.ubuntu.com/3768-1 https://www.artifex.com/news/ghostscript-security-resolved https://www.debian.org/security/2018/dsa-4 • CWE-416: Use After Free •

CVSS: 8.1EPSS: 1%CPEs: 4EXPL: 0

CVE-2018-12115 – nodejs: Out of bounds (OOB) write via UCS-2 encoding

https://notcve.org/view.php?id=CVE-2018-12115

In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written. En todas las versiones de Node.js anteriores a la 6.14.4, 8.11.4 y 10.9.0, cuando se utiliza con codificación UCS-2 (reconocida por Node.js bajo los nombres "ucs2", "ucs-2", "utf16le" y "utf-16le"), se puede explotar "Buffer#write()" para escribir fuera de los límites de un búfer. Las escrituras que empiezan desde la segunda hasta la última posición de un búfer provocan un error de cálculo de la longitud máxima de los bytes de entrada que se van a escribir. • http://www.securityfocus.com/bid/105127 https://access.redhat.com/errata/RHSA-2018:2552 https://access.redhat.com/errata/RHSA-2018:2553 https://access.redhat.com/errata/RHSA-2018:2944 https://access.redhat.com/errata/RHSA-2018:2949 https://access.redhat.com/errata/RHSA-2018:3537 https://nodejs.org/en/blog/vulnerability/august-2018-security-releases https://security.gentoo.org/glsa/202003-48 https://access.redhat.com/security/cve/CVE-2018-12115 https://bugzilla.redhat.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-15138

https://notcve.org/view.php?id=CVE-2017-15138

The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens. La lectura en clúster de OpenShift Enterprise puede acceder a tokens webhook que permitirían a un atacante con privilegios suficientes ver tokens webhook confidenciales. • https://access.redhat.com/errata/RHBA-2018:0489 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15138 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •