CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3664 – jenkins: directory traversal flaw (SECURITY-131)
https://notcve.org/view.php?id=CVE-2014-3664
15 Oct 2014 — Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a usuarios remotos autenticados con el permiso Overall/READ leer archivos arbitrarios a través de vectores no especificados OpenShift Enterprise by Red Hat is the company's cloud computi... • https://access.redhat.com/errata/RHSA-2016:0070 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3681 – jenkins: cross-site scripting flaw in Jenkins core (SECURITY-143)
https://notcve.org/view.php?id=CVE-2014-3681
15 Oct 2014 — Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS in Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for ... • https://access.redhat.com/errata/RHSA-2016:0070 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-0164 – mcollective: world readable client config
https://notcve.org/view.php?id=CVE-2014-0164
02 May 2014 — openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file. openshift-origin-broker-util, utilizado en Red Hat OpenShift Enterprise 1.2.7 y 2.0.5, utiliza permisos de lectura universal para el archivo de configuración de mcollective client.cfg, lo que permite a usuarios locales obtener credenciales y ... • http://rhn.redhat.com/errata/RHSA-2014-0460.html • CWE-310: Cryptographic Issues CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-0188 – OpenShift: openshift-origin-broker plugin allows impersonation
https://notcve.org/view.php?id=CVE-2014-0188
23 Apr 2014 — The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to a passthrough trigger. El openshift-origin-broker en Red Hat OpenShift Enterprise 2.0.5, 1.2.7, y anteriores no maneja adecuadamente las peticiones de autenticación provenientes del plugin de autenticación de us... • http://rhn.redhat.com/errata/RHSA-2014-0422.html • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0CVE-2014-1869 – stapler-adjunct-zeroclipboard: multiple cross-site scripting (XSS) flaws
https://notcve.org/view.php?id=CVE-2014-1869
08 Feb 2014 — Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters). Múltiples vulnerabilidades de XSS en ZeroClipboard.swf en ZeroClipboard anterior a 1.3.2, mantenido por Jon Rohan y James M. Greene, permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través de vect... • http://secunia.com/advisories/56821 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 91%CPEs: 7EXPL: 2CVE-2013-2186 – commons-fileupload: Arbitrary file upload via deserialization
https://notcve.org/view.php?id=CVE-2013-2186
16 Oct 2013 — The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance. La clase DiskFileItem en Apache Commons FileUpload, tal como se utiliza en Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2 y 6.0.0; y Red Hat JBoss Web Server 1.0.2 permite a atacantes remotos escribir en archivos arbitrarios a tr... • https://github.com/GrrrDog/ACEDcup • CWE-20: Improper Input Validation CWE-626: Null Byte Interaction Error (Poison Null Byte) •