Filtered by vendor Redhat
Subscriptions
Filtered by product Openshift
Subscriptions
Total
931 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-2066 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-06 | N/A |
Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies. | ||||
CVE-2014-2061 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-06 | N/A |
The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value. | ||||
CVE-2014-2060 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-06 | N/A |
The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors. | ||||
CVE-2014-2064 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-06 | N/A |
The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts. | ||||
CVE-2014-2065 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie. | ||||
CVE-2014-1869 | 2 Redhat, Zeroclipboard Project | 2 Openshift, Zeroclipboard | 2024-08-06 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters). | ||||
CVE-2014-0233 | 1 Redhat | 1 Openshift | 2024-08-06 | N/A |
Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme. | ||||
CVE-2014-0234 | 1 Redhat | 1 Openshift | 2024-08-06 | 9.8 Critical |
The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281. | ||||
CVE-2014-0188 | 1 Redhat | 1 Openshift | 2024-08-06 | N/A |
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to a passthrough trigger. | ||||
CVE-2014-0175 | 3 Debian, Puppet, Redhat | 3 Debian Linux, Marionette Collective, Openshift | 2024-08-06 | 9.8 Critical |
mcollective has a default password set at install | ||||
CVE-2014-0164 | 1 Redhat | 1 Openshift | 2024-08-06 | N/A |
openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file. | ||||
CVE-2014-0163 | 1 Redhat | 1 Openshift | 2024-08-06 | 8.8 High |
Openshift has shell command injection flaws due to unsanitized data being passed into shell commands. | ||||
CVE-2014-0084 | 1 Redhat | 2 Openshift, Openshift Origin | 2024-08-06 | 5.5 Medium |
Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly. | ||||
CVE-2014-0068 | 1 Redhat | 2 Openshift, Openshift-origin-node-util | 2024-08-06 | 5.5 Medium |
It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission. | ||||
CVE-2014-0023 | 1 Redhat | 1 Openshift | 2024-08-06 | 7.8 High |
OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution | ||||
CVE-2014-0003 | 2 Apache, Redhat | 10 Camel, Fuse Esb Enterprise, Fuse Management Console and 7 more | 2024-08-06 | N/A |
The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message. | ||||
CVE-2015-8851 | 2 Node-uuid Project, Redhat | 2 Node-uuid, Openshift | 2024-08-06 | 7.5 High |
node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing. | ||||
CVE-2015-8103 | 2 Jenkins, Redhat | 3 Jenkins, Openshift, Openshift Container Platform | 2024-08-06 | 9.8 Critical |
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'". | ||||
CVE-2015-8011 | 4 Debian, Fedoraproject, Lldpd Project and 1 more | 8 Debian Linux, Fedora, Lldpd and 5 more | 2024-08-06 | 9.8 Critical |
Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries. | ||||
CVE-2015-7561 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-08-06 | N/A |
Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image. |