Page 7 of 129 results (0.013 seconds)

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS Un cartucho haproxy de OpenShift: un /tmp predecible en el enlace de conexión set-proxy que podría facilitar una DoS. • https://access.redhat.com/security/cve/cve-2013-0163 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0163 • CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

OpenShift cartridge allows remote URL retrieval El cartucho de OpenShift permite la recuperación remota de la URL. • https://access.redhat.com/security/cve/cve-2013-2103 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2103 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process. RubyGems passenger versión 4.0.0 betas 1 y 2, permite a atacantes remotos eliminar archivos arbitrarios durante el proceso de inicio. • http://www.openwall.com/lists/oss-security/2013/03/02/1 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6135 https://exchange.xforce.ibmcloud.com/vulnerabilities/82533 https://security-tracker.debian.org/tracker/CVE-2012-6135 https://www.securityfocus.com/bid/58259 • CWE-20: Improper Input Validation •

CVSS: 5.9EPSS: 0%CPEs: 10EXPL: 1

The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. El soporte de duplicación (-M, --use-mirrors) en Python Pip versiones anteriores a la versión 1.5, utiliza consultas DNS no seguras y comprobaciones de autenticidad que permiten a atacantes realizar ataques de tipo man-in-the-middle. • https://www.exploit-db.com/exploits/24086 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155248.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155291.html http://www.openwall.com/lists/oss-security/2013/08/21/17 http://www.openwall.com/lists/oss-security/2013/08/21/18 http://www.securityfocus.com/bid/77520 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5123 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5123 https&# • CWE-287: Improper Authentication •

CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0

A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image, bypass the TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and injecting malicious content. Se encontró una vulnerabilidad en las compilaciones de OpenShift, versiones 4.1 hasta 4.3. Las compilaciones que extraen el origen de una imagen de contenedor, omiten la comprobación del nombre del host TLS. • https://access.redhat.com/errata/RHSA-2019:4101 https://access.redhat.com/errata/RHSA-2019:4237 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14845 https://access.redhat.com/security/cve/CVE-2019-14845 https://bugzilla.redhat.com/show_bug.cgi?id=1754662 • CWE-494: Download of Code Without Integrity Check •