CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2023-0833 – Red hat a-mq streams: component version with information disclosure flaw
https://notcve.org/view.php?id=CVE-2023-0833
15 Mar 2023 — A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions. Se encontró una falla en AMQ-Streams de Red Hat, que incluye una versión del componente OKHttp con una falla de divulgación de información a través de una excepción activada por un encabezado que contiene un va... • https://access.redhat.com/errata/RHSA-2023:1241 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.7EPSS: 0%CPEs: 16EXPL: 0CVE-2021-4178 – kubernetes-client: Insecure deserialization in unmarshalYaml method
https://notcve.org/view.php?id=CVE-2021-4178
09 Feb 2022 — A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML. Se ha encontrado un fallo de ejecución de código arbitrario en el cliente de Kubernetes Fabric 8 afectando a versiones 5.0.0-beta-1 y superiores. Debido a una configuración incorrecta del análisis de YAML, esto permitirá a un atacante local y con privilegios suministrar YA... • https://access.redhat.com/security/cve/CVE-2021-4178 • CWE-502: Deserialization of Untrusted Data •