Filtered by vendor Redhat
Subscriptions
Filtered by product Openshift
Subscriptions
Total
975 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-3708 | 1 Redhat | 1 Openshift | 2024-11-21 | N/A |
Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary. | ||||
CVE-2016-3703 | 1 Redhat | 1 Openshift | 2024-11-21 | N/A |
Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query parameter. | ||||
CVE-2016-2183 | 6 Cisco, Nodejs, Openssl and 3 more | 14 Content Security Management Appliance, Node.js, Openssl and 11 more | 2024-11-21 | 7.5 High |
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. | ||||
CVE-2016-2160 | 1 Redhat | 2 Openshift, Openshift Origin | 2024-11-21 | N/A |
Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image. | ||||
CVE-2016-2149 | 1 Redhat | 1 Openshift | 2024-11-21 | N/A |
Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace. | ||||
CVE-2016-2142 | 1 Redhat | 1 Openshift | 2024-11-21 | N/A |
Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file. | ||||
CVE-2016-2074 | 2 Openvswitch, Redhat | 3 Openvswitch, Openshift, Openstack | 2024-11-21 | N/A |
Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command. | ||||
CVE-2016-1906 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-11-21 | N/A |
Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed. | ||||
CVE-2016-1905 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-11-21 | N/A |
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object. | ||||
CVE-2016-1000232 | 3 Ibm, Redhat, Salesforce | 5 Api Connect, Openshift, Openshift Container Platform and 2 more | 2024-11-21 | N/A |
NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0. | ||||
CVE-2016-1000229 | 2 Redhat, Smartbear | 4 Jboss Amq, Jboss Fuse, Openshift and 1 more | 2024-11-21 | 6.1 Medium |
swagger-ui has XSS in key names | ||||
CVE-2016-1000220 | 2 Elastic, Redhat | 2 Kibana, Openshift | 2024-11-21 | N/A |
Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers. | ||||
CVE-2016-1000219 | 2 Elastic, Redhat | 2 Kibana, Openshift | 2024-11-21 | N/A |
Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield. | ||||
CVE-2016-0792 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | N/A |
Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando. | ||||
CVE-2016-0791 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | N/A |
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach. | ||||
CVE-2016-0790 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | N/A |
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach. | ||||
CVE-2016-0789 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | N/A |
CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | ||||
CVE-2016-0788 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | N/A |
The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener. | ||||
CVE-2015-8851 | 2 Node-uuid Project, Redhat | 2 Node-uuid, Openshift | 2024-11-21 | 7.5 High |
node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing. | ||||
CVE-2015-8103 | 2 Jenkins, Redhat | 3 Jenkins, Openshift, Openshift Container Platform | 2024-11-21 | 9.8 Critical |
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'". |