
CVSS: 7.5 | EPSS: 0% | CPEs: 9 | EXPL: 1

Nokogiri before 1.5.4 is vulnerable to XXE attacks.

• https://bugzilla.redhat.com/show_bug.cgi?id=1178970 https://github.com/sparklemotion/nokogiri/issues/693 https://nokogiri.org/CHANGELOG.html#154-2012-06-12 https://access.redhat.com/security/cve/CVE-2012-6685

• CWE-611: Improper Restriction of XML External Entity Reference; CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CVSS: 10.0 | EPSS: 1% | CPEs: 1 | EXPL: 0

The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 use a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors.

It was discovered that the puppet manifests, as provided with the openstack-puppet-modules package, would configure the pcsd daemon with a known default password. If this password was not changed and an attacker was able to gain access to pcsd, they could potentially run shell commands as root.

• http://rhn.redhat.com/errata/RHSA-2015-0789.html http://rhn.redhat.com/errata/RHSA-2015-0791.html http://rhn.redhat.com/errata/RHSA-2015-0830.html http://rhn.redhat.com/errata/RHSA-2015-0831.html http://rhn.redhat.com/errata/RHSA-2015-0832.html http://www.securityfocus.com/bid/74049 https://bugzilla.redhat.com/show_bug.cgi?id=1201875 https://access.redhat.com/security/cve/CVE-2015-1842

• CWE-255: Credentials Management Errors; CWE-798: Use of Hard-coded Credentials