CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0084
https://notcve.org/view.php?id=CVE-2014-0084
21 Nov 2019 — Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly. La gema openshift-origin-node de Ruby antes del 14-02-2014, no contiene un tiempo de espera en cronjob lo que podría resultar en una denegación de servicio en cron.daily y cron.weekly. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0084 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2014-3592
https://notcve.org/view.php?id=CVE-2014-3592
13 Nov 2019 — OpenShift Origin: Improperly validated team names could allow stored XSS attacks OpenShift Origin: los nombres de equipo validados inapropiadamente podrían permitir ataques de tipo XSS almacenados. • https://access.redhat.com/security/cve/cve-2014-3592 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5250 – OpenShift: Malformed JSON can cause API process crash
https://notcve.org/view.php?id=CVE-2015-5250
04 Sep 2015 — The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service (master process crash) via crafted JSON data. Vulnerabilidad en el servidor API en OpenShift Origin 1.0.5, permite a atacantes remotos causar una denegación de servicio (caída del proceso maestro) a través de datos JSON manipulados. It was found that improper error handling in the API server could cause the master process to crash. A user with network access to the master could use this flaw to crash the master pro... • https://access.redhat.com/errata/RHSA-2015:1736 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2013-0164 – openshift-origin-port-proxy: openshift-port-proxy-cfg lockwrap() tmp file creation
https://notcve.org/view.php?id=CVE-2013-0164
24 Feb 2013 — The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp. La función "lockwrap" en port-proxy/bin/openshift-port-proxy-cfg en Red Hat OpenShift Origin anterior a v1.1 permite a usuarios locales sobrescribir archivos arbitrarios mediante un ataque de enlaces simbólicos en un archivo temporal con un nombre predecible en /tmp. • http://rhn.redhat.com/errata/RHSA-2013-0220.html • CWE-264: Permissions, Privileges, and Access Controls CWE-377: Insecure Temporary File •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2012-5658 – Origin: rhc-chk.rb password exposure in log files
https://notcve.org/view.php?id=CVE-2012-5658
24 Feb 2013 — rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channels. RHC-chk.rb en Red Hat OpenShift Origin anterior a v1,1, cuando -d (modo de depuración) se utiliza, muestra la contraseña y otra información confidencial en texto plano, lo que permite a atacantes dependientes d... • http://rhn.redhat.com/errata/RHSA-2013-0220.html • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2012-5646 – openshift-origin-node-util: restorer.php preg_match shell code injection
https://notcve.org/view.php?id=CVE-2012-5646
24 Feb 2013 — node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO. node-util/www/html/restorer.php en Red Hat OpenShift Origin anterior a v1.0.5-3 permite a atacantes remotos ejecutar comandos arbitrarios mediante un uuid falsificado en el PATH_INFO. • http://rhn.redhat.com/errata/RHSA-2013-0148.html • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2012-5647 – openshift-origin-node-util: restorer.php arbitrary URL redirection
https://notcve.org/view.php?id=CVE-2012-5647
24 Feb 2013 — Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO. Vulnerabilidad de redirección en node-util/www/html/restorer.php en Red Hat OpenShift Origin anterior a v1.0.5-3 permite a atacantes remotos redirigir usuarios a sitios Web Arbitrarios y llevar a cabo ataques de phishing mediante una URL en el PATH_INFO. • http://rhn.redhat.com/errata/RHSA-2013-0148.html • CWE-20: Improper Input Validation •