Filtered by vendor Redhat
Filtered by product Openshift
Total: 931 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-3665 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-06 | N/A |
Jenkins before 1.587 and LTS before 1.580.1 do not properly ensure trust separation between a master and slaves, which might allow remote attackers to execute arbitrary code on the master by leveraging access to the slave. | ||||
CVE-2014-3662 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-06 | N/A |
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts. | ||||
CVE-2014-3681 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2014-3661 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-06 | N/A |
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake. | ||||
CVE-2014-3667 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-06 | N/A |
Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code. | ||||
CVE-2014-3663 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-06 | N/A |
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors. | ||||
CVE-2014-3674 | 1 Redhat | 1 Openshift | 2024-08-06 | N/A |
Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors. | ||||
CVE-2014-3666 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-06 | N/A |
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel. | ||||
CVE-2014-3678 | 2 Jenkins-ci, Redhat | 2 Monitoring Plugin, Openshift | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in the Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2014-3664 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-06 | N/A |
Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors. | ||||
CVE-2014-3680 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-06 | N/A |
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM. | ||||
CVE-2014-3566 | 11 Apple, Debian, Fedoraproject and 8 more | 28 Mac Os X, Debian Linux, Fedora and 25 more | 2024-08-06 | 3.4 Low |
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. | ||||
CVE-2014-3577 | 2 Apache, Redhat | 18 Httpasyncclient, Httpclient, Enterprise Linux and 15 more | 2024-08-06 | N/A |
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field. | ||||
CVE-2014-3602 | 1 Redhat | 1 Openshift | 2024-08-06 | N/A |
Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp. | ||||
CVE-2014-3496 | 1 Redhat | 2 Openshift, Openshift Origin | 2024-08-06 | N/A |
cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file. | ||||
CVE-2014-2068 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-06 | N/A |
The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump. | ||||
CVE-2014-2062 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-06 | N/A |
Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token. | ||||
CVE-2014-2067 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a "remote cause note." | ||||
CVE-2014-2059 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-06 | N/A |
Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name. | ||||
CVE-2014-2063 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-06 | N/A |
Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors. |