RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.
7.5 CVSS
7.5 AI Score
0.009 EPSS
cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp.
7.3 CVSS
7.2 AI Score
0.001 EPSS
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks, which allows attackers to perform man-in-the-middle attacks.
5.9 CVSS
5.4 AI Score
0.002 EPSS
OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution
7.8 CVSS
7.9 AI Score
0.0004 EPSS
OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by ...
6.5 CVSS
6.1 AI Score
0.001 EPSS