CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-10213 – openshift: Secret data written to pod logs when operator set at Debug level or higher
https://notcve.org/view.php?id=CVE-2019-10213
17 Sep 2019 — OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by a privileged user. OpenShift Container Platform, versiones 4.1 y 4.2, no sanea los datos secretos escritos en los registros de pod cuando el nivel de registro en un operador dado se establece en Debug o superior. ... • https://access.redhat.com/errata/RHSA-2019:4082 • CWE-117: Improper Output Neutralization for Logs CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 10%CPEs: 55EXPL: 0CVE-2019-9514 – Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service
https://notcve.org/view.php?id=CVE-2019-9514
13 Aug 2019 — Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. Algunas implementaciones de HTTP / 2 son vulnerables a una inundación de reinicio, lo que puede conducir a una denegación de servicio. El atacante abre una... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2019-3889 – atomic-openshift: reflected XSS in authentication flow
https://notcve.org/view.php?id=CVE-2019-3889
11 Jul 2019 — A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11. An attacker could use this flaw to steal authorization data by getting them to click on a malicious link. Se presenta una vulnerabilidad de tipo XSS reflejada en el flujo de autorización de OpenShift Container Platform versiones: openshift-online- versión 3, openshift-enterprise- versiones 3.4 hasta 3.7 y open... • https://access.redhat.com/errata/RHSA-2019:3722 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 3%CPEs: 42EXPL: 0CVE-2018-10237 – guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service
https://notcve.org/view.php?id=CVE-2018-10237
26 Apr 2018 — Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. Asignación de memoria ... • http://www.securitytracker.com/id/1041707 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-770: Allocation of Resources Without Limits or Throttling •