Filtered by vendor Redhat Subscriptions
Filtered by product Openshift Subscriptions
Total 975 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-9592 1 Redhat 1 Openshift 2024-11-21 N/A
openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete operation to fail with 'VolumeInUse' error. Since the delete operation is retried every 30 seconds for each volume, this could lead to a denial of service attack as the number of API requests being sent to the cloud-provider exceeds the API's rate-limit.
CVE-2016-9587 2 Ansible, Redhat 7 Ansible, Ansible, Openshift and 4 more 2024-11-21 8.1 High
Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
CVE-2016-8651 1 Redhat 2 Openshift, Openshift Container Platform 2024-11-21 N/A
An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image.
CVE-2016-8631 1 Redhat 1 Openshift 2024-11-21 N/A
The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially overwrite existing routes and redirect network traffic for other users to their own site.
CVE-2016-8628 1 Redhat 2 Ansible, Openshift 2024-11-21 N/A
Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as.
CVE-2016-7075 2 Kubernetes, Redhat 2 Kubernetes, Openshift 2024-11-21 N/A
It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.
CVE-2016-5766 6 Debian, Fedoraproject, Freebsd and 3 more 8 Debian Linux, Fedora, Freebsd and 5 more 2024-11-21 N/A
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.
CVE-2016-5418 3 Libarchive, Oracle, Redhat 11 Libarchive, Linux, Enterprise Linux and 8 more 2024-11-21 N/A
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.
CVE-2016-5409 1 Redhat 1 Openshift 2024-11-21 N/A
Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.
CVE-2016-5392 1 Redhat 1 Openshift 2024-11-21 N/A
The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list.
CVE-2016-5325 3 Nodejs, Redhat, Suse 4 Node.js, Openshift, Rhel Software Collections and 1 more 2024-11-21 N/A
CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument.
CVE-2016-3738 1 Redhat 1 Openshift 2024-11-21 N/A
Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod.
CVE-2016-3727 2 Jenkins, Redhat 2 Jenkins, Openshift 2024-11-21 N/A
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.
CVE-2016-3726 2 Jenkins, Redhat 2 Jenkins, Openshift 2024-11-21 N/A
Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs.
CVE-2016-3725 2 Jenkins, Redhat 2 Jenkins, Openshift 2024-11-21 N/A
Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption).
CVE-2016-3724 2 Jenkins, Redhat 2 Jenkins, Openshift 2024-11-21 N/A
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration.
CVE-2016-3723 2 Jenkins, Redhat 2 Jenkins, Openshift 2024-11-21 N/A
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints.
CVE-2016-3722 2 Jenkins, Redhat 2 Jenkins, Openshift 2024-11-21 N/A
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the "full name."
CVE-2016-3721 2 Jenkins, Redhat 2 Jenkins, Openshift 2024-11-21 4.3 Medium
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.
CVE-2016-3711 1 Redhat 2 Openshift, Openshift Origin 2024-11-21 N/A
HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie.