CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-0165
https://notcve.org/view.php?id=CVE-2013-0165
cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp. El archivo cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh en OpenShift, no crea apropiadamente los archivos en /tmp. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0165 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 2%CPEs: 8EXPL: 1CVE-2019-11253 – Kubernetes API Server JSON/YAML parsing vulnerable to resource exhaustion attack
https://notcve.org/view.php?id=CVE-2019-11253
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility. La comprobación de entrada inapropiada en el servidor API de Kubernetes en las versiones v1.0 hasta 1.12 y versiones anteriores a v1.13.12, v1.14.8, v1.15.5 y v1.16.2, permite a los usuarios autorizados enviar cargas maliciosas de YAML o JSON, causando que el servidor API consuma demasiada CPU o memoria, fallando potencialmente y dejando de estar disponible. En versiones anteriores a v1.14.0, la política predeterminada de RBAC autorizaba a los usuarios anónimos para enviar peticiones que pudieran desencadenar esta vulnerabilidad. • https://access.redhat.com/errata/RHSA-2019:3239 https://access.redhat.com/errata/RHSA-2019:3811 https://access.redhat.com/errata/RHSA-2019:3905 https://github.com/kubernetes/kubernetes/issues/83253 https://groups.google.com/forum/#%21topic/kubernetes-security-announce/jk8polzSUxs https://security.netapp.com/advisory/ntap-20191031-0006 https://access.redhat.com/security/cve/CVE-2019-11253 https://bugzilla.redhat.com/show_bug.cgi?id=1757701 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 9.0EPSS: 32%CPEs: 47EXPL: 21CVE-2019-14287 – sudo 1.8.27 - Security Bypass
https://notcve.org/view.php?id=CVE-2019-14287
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command. En Sudo anteriores a 1.8.28, un atacante con acceso a una cuenta Runas ALL sudoer puede omitir ciertas listas negras de políticas y módulos PAM de sesión, y puede causar un registro incorrecto, mediante la invocación sudo con un ID de usuario creado. Por ejemplo, esto permite la omisión de la configuración root y el registro USER= para un comando "sudo -u \#$((0xffffffff))". • https://www.exploit-db.com/exploits/47502 https://github.com/n0w4n/CVE-2019-14287 https://github.com/shallvhack/Sudo-Security-Bypass-CVE-2019-14287 https://github.com/CMNatic/Dockerized-CVE-2019-14287 https://github.com/axax002/sudo-vulnerability-CVE-2019-14287 https://github.com/N3rdyN3xus/CVE-2019-14287 https://github.com/DewmiApsara/CVE-2019-14287 https://github.com/MariliaMeira/CVE-2019-14287 https://github.com/edsonjt81/CVE-2019-14287- https://github.com/SachinthaDeSilva-cmd& • CWE-267: Privilege Defined With Unsafe Actions CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14845 – openshift: Container image TLS verification bypass
https://notcve.org/view.php?id=CVE-2019-14845
A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image, bypass the TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and injecting malicious content. Se encontró una vulnerabilidad en las compilaciones de OpenShift, versiones 4.1 hasta 4.3. Las compilaciones que extraen el origen de una imagen de contenedor, omiten la comprobación del nombre del host TLS. • https://access.redhat.com/errata/RHSA-2019:4101 https://access.redhat.com/errata/RHSA-2019:4237 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14845 https://access.redhat.com/security/cve/CVE-2019-14845 https://bugzilla.redhat.com/show_bug.cgi?id=1754662 • CWE-494: Download of Code Without Integrity Check •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2019-10212 – undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files
https://notcve.org/view.php?id=CVE-2019-10212
A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files. Se encontró un fallo en, todas las versiones por debajo de la 2.0.20, en el registro DEBUG de Undertow para io.undertow.request.security. Si está habilitado, un atacante podría abusar de este fallo para conseguir las credenciales del usuario de los archivos de registro. A flaw was found in the Undertow DEBUG log for io.undertow.request.security. • https://access.redhat.com/errata/RHSA-2019:2998 https://access.redhat.com/errata/RHSA-2020:0727 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212 https://security.netapp.com/advisory/ntap-20220210-0017 https://access.redhat.com/security/cve/CVE-2019-10212 https://bugzilla.redhat.com/show_bug.cgi?id=1731984 • CWE-532: Insertion of Sensitive Information into Log File •