CVSS: 6.5EPSS: 0%CPEs: 29EXPL: 0CVE-2023-0056 – haproxy: segfault DoS
https://notcve.org/view.php?id=CVE-2023-0056
An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability. • https://access.redhat.com/security/cve/CVE-2023-0056 https://bugzilla.redhat.com/show_bug.cgi?id=2160808 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2023-22863 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-22863
IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 244109. IBM Robotic Process Automation 20.12.0 a 21.0.2 utiliza de forma predeterminada HTTP en algunos comandos RPA cuando el prefijo no se especifica explícitamente en la URL. Esto podría permitir a un atacante obtener información confidencial utilizando técnicas de intermediario. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244109 https://www.ibm.com/support/pages/node/6855837 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2023-22594 – IBM Robotic Process Automation for Cloud Pak cross-site scripting
https://notcve.org/view.php?id=CVE-2023-22594
IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244075. IBM Robotic Process Automation para Cloud Pak 20.12.0 a 21.0.4 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244075 https://www.ibm.com/support/pages/node/6855835 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22592 – IBM Robotic Process Automation for Cloud Pak insufficient permission settings
https://notcve.org/view.php?id=CVE-2023-22592
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. IBM X-Force ID: 244073. IBM Robotic Process Automation para Cloud Pak 21.0.1 a 21.0.4 podría permitir que un usuario local realice acciones no autorizadas debido a una configuración de permisos insuficiente. ID de IBM X-Force: 244073. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244073 https://www.ibm.com/support/pages/node/6855839 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-3466 – Cri-o: security regression of cve-2022-27652
https://notcve.org/view.php?id=CVE-2022-3466
The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details, see https://access.redhat.com/security/cve/CVE-2022-27652. La versión de cri-o publicada para Red Hat OpenShift Container Platform 4.9.48, 4.10.31 y 4.11.6 a través de RHBA-2022:6316, RHBA-2022:6257 y RHBA-2022:6658, respectivamente, incluía una versión incorrecta de cri-o le falta la solución para CVE-2022-27652, que se solucionó anteriormente en OCP 4.9.41 y 4.10.12 a través de RHBA-2022:5433 y RHSA-2022:1600. Este problema podría permitir que un atacante con acceso a programas con capacidades de archivos heredables eleve esas capacidades al conjunto permitido cuando se ejecuta execve(2). • https://access.redhat.com/errata/RHSA-2022:7398 https://access.redhat.com/security/cve/CVE-2022-3466 https://bugzilla.redhat.com/show_bug.cgi?id=2134063 • CWE-276: Incorrect Default Permissions •