Total
170 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-6135 | 2 Phusion, Redhat | 2 Passenger, Openshift | 2024-02-28 | 6.4 MEDIUM | 7.5 HIGH |
RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process. | |||||
CVE-2019-14845 | 1 Redhat | 1 Openshift | 2024-02-28 | 2.9 LOW | 5.3 MEDIUM |
A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image, bypass the TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and injecting malicious content. | |||||
CVE-2014-0175 | 3 Debian, Puppet, Redhat | 3 Debian Linux, Marionette Collective, Openshift | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
mcollective has a default password set at install | |||||
CVE-2014-0023 | 1 Redhat | 1 Openshift | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution | |||||
CVE-2013-5123 | 5 Debian, Fedoraproject, Pypa and 2 more | 6 Debian Linux, Fedora, Pip and 3 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. | |||||
CVE-2013-2103 | 1 Redhat | 1 Openshift | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH |
OpenShift cartridge allows remote URL retrieval | |||||
CVE-2012-6685 | 2 Nokogiri, Redhat | 8 Nokogiri, Cloudforms Management Engine, Enterprise Mrg and 5 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Nokogiri before 1.5.4 is vulnerable to XXE attacks | |||||
CVE-2013-0165 | 1 Redhat | 1 Openshift | 2024-02-28 | 7.5 HIGH | 7.3 HIGH |
cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp. | |||||
CVE-2016-1000229 | 2 Redhat, Smartbear | 3 Jboss Fuse, Openshift, Swagger-ui | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
swagger-ui has XSS in key names | |||||
CVE-2013-2060 | 1 Redhat | 1 Openshift | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart. | |||||
CVE-2013-0196 | 1 Redhat | 2 Enterprise Linux, Openshift | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser. | |||||
CVE-2014-0163 | 1 Redhat | 1 Openshift | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
Openshift has shell command injection flaws due to unsanitized data being passed into shell commands. | |||||
CVE-2013-7370 | 4 Debian, Opensuse, Redhat and 1 more | 4 Debian Linux, Opensuse, Openshift and 1 more | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware | |||||
CVE-2013-0163 | 1 Redhat | 1 Openshift | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS | |||||
CVE-2014-0234 | 1 Redhat | 1 Openshift | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281. | |||||
CVE-2019-3884 | 1 Redhat | 1 Openshift | 2024-02-28 | 5.0 MEDIUM | 5.4 MEDIUM |
A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected. | |||||
CVE-2019-4239 | 2 Ibm, Redhat | 2 Cloud Private, Openshift | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 159465. | |||||
CVE-2019-6648 | 2 F5, Redhat | 2 Container Ingress Service, Openshift | 2024-02-28 | 1.9 LOW | 4.4 MEDIUM |
On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration. | |||||
CVE-2019-5736 | 13 Apache, Canonical, D2iq and 10 more | 19 Mesos, Ubuntu Linux, Dc\/os and 16 more | 2024-02-28 | 9.3 HIGH | 8.6 HIGH |
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. | |||||
CVE-2018-10875 | 4 Canonical, Debian, Redhat and 1 more | 11 Ubuntu Linux, Debian Linux, Ansible Engine and 8 more | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. |