CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-1712 – systemd: use-after-free when asynchronous polkit queries are performed
https://notcve.org/view.php?id=CVE-2020-1712
05 Feb 2020 — A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages. Se detectó una vulnerabilidad uso de la memoria previamente liberada de la pila en systemd versiones anteriores a v245-rc1, donde se llevaron a cabo consultas de Polkit asinc... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1712 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2013-2060
https://notcve.org/view.php?id=CVE-2013-2060
28 Jan 2020 — The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart. La función download_from_url en OpenShift Origin, permite a atacantes remotos ejecutar comandos arbitrarios por medio de metacaracteres de shell en la URL de una petición para descargar un carrito. • http://www.openwall.com/lists/oss-security/2013/05/07/1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-0175
https://notcve.org/view.php?id=CVE-2014-0175
13 Dec 2019 — mcollective has a default password set at install mcollective presenta una contraseña predeterminada establecida en la instalación. • https://access.redhat.com/security/cve/cve-2014-0175 • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-0163
https://notcve.org/view.php?id=CVE-2014-0163
11 Dec 2019 — Openshift has shell command injection flaws due to unsanitized data being passed into shell commands. OpenShift presenta fallos de inyección de comandos de shell debido a que los datos no saneados son pasados a los comandos de shell. • https://access.redhat.com/security/cve/cve-2014-0163 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-0163
https://notcve.org/view.php?id=CVE-2013-0163
05 Dec 2019 — OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS Un cartucho haproxy de OpenShift: un /tmp predecible en el enlace de conexión set-proxy que podría facilitar una DoS. • https://access.redhat.com/security/cve/cve-2013-0163 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-2103
https://notcve.org/view.php?id=CVE-2013-2103
03 Dec 2019 — OpenShift cartridge allows remote URL retrieval El cartucho de OpenShift permite la recuperación remota de la URL. • https://access.redhat.com/security/cve/cve-2013-2103 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2012-6135
https://notcve.org/view.php?id=CVE-2012-6135
19 Nov 2019 — RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process. RubyGems passenger versión 4.0.0 betas 1 y 2, permite a atacantes remotos eliminar archivos arbitrarios durante el proceso de inicio. • http://www.openwall.com/lists/oss-security/2013/03/02/1 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2019-10174 – infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods
https://notcve.org/view.php?id=CVE-2019-10174
18 Nov 2019 — A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application. Se encontró una vulnerabilidad en Infinispan, de modo que el método invokeAccessibly de la clase pública ReflectionUtil permite que cualquier clase de aplicación invoque métodos privados en cualquier clase co... • https://access.redhat.com/errata/RHSA-2020:0481 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVSS: 6.5EPSS: 0%CPEs: 429EXPL: 0CVE-2019-10219 – hibernate-validator: safeHTML validator allows XSS
https://notcve.org/view.php?id=CVE-2019-10219
08 Nov 2019 — A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotación del validador SafeHtml no puede sanear apropiadamente las cargas útiles que consisten en código potencialmente malicioso en los comentarios e instrucciones HTML. • https://access.redhat.com/errata/RHSA-2020:0159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 10EXPL: 1CVE-2013-5123 – phlyLabs phlyMail Lite 4.03.04 - 'go' Open Redirect
https://notcve.org/view.php?id=CVE-2013-5123
05 Nov 2019 — The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. El soporte de duplicación (-M, --use-mirrors) en Python Pip versiones anteriores a la versión 1.5, utiliza consultas DNS no seguras y comprobaciones de autenticidad que permiten a atacantes realizar ataques de tipo man-in-the-middle. • https://www.exploit-db.com/exploits/24086 • CWE-287: Improper Authentication •