CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10365
https://notcve.org/view.php?id=CVE-2019-10365
31 Jul 2019 — Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read permission. El Plugin Google Kubernetes Engine de Jenkins versión 0.6.2 y anteriores, crearon un archivo temporal que contenía un token de acceso temporal en el espacio de trabajo del proyecto, donde los usuarios podían acceder a el con permiso de Trabajo y Lectura. • http://www.openwall.com/lists/oss-security/2019/07/31/1 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 9.3EPSS: 55%CPEs: 43EXPL: 39CVE-2019-5736 – runc < 1.0-rc6 (Docker < 18.09.2) - Container Breakout
https://notcve.org/view.php?id=CVE-2019-5736
11 Feb 2019 — runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/sel... • https://packetstorm.news/files/id/165197 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-672: Operation on a Resource after Expiration or Release •