Filtered by vendor Redhat Subscriptions
Filtered by product Openshift Subscriptions
Total 975 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-3708 1 Redhat 1 Openshift 2024-11-21 N/A
Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary.
CVE-2016-3703 1 Redhat 1 Openshift 2024-11-21 N/A
Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query parameter.
CVE-2016-2183 6 Cisco, Nodejs, Openssl and 3 more 14 Content Security Management Appliance, Node.js, Openssl and 11 more 2024-11-21 7.5 High
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
CVE-2016-2160 1 Redhat 2 Openshift, Openshift Origin 2024-11-21 N/A
Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image.
CVE-2016-2149 1 Redhat 1 Openshift 2024-11-21 N/A
Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace.
CVE-2016-2142 1 Redhat 1 Openshift 2024-11-21 N/A
Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file.
CVE-2016-2074 2 Openvswitch, Redhat 3 Openvswitch, Openshift, Openstack 2024-11-21 N/A
Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command.
CVE-2016-1906 2 Kubernetes, Redhat 2 Kubernetes, Openshift 2024-11-21 N/A
Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed.
CVE-2016-1905 2 Kubernetes, Redhat 2 Kubernetes, Openshift 2024-11-21 N/A
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
CVE-2016-1000232 3 Ibm, Redhat, Salesforce 5 Api Connect, Openshift, Openshift Container Platform and 2 more 2024-11-21 N/A
NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0.
CVE-2016-1000229 2 Redhat, Smartbear 4 Jboss Amq, Jboss Fuse, Openshift and 1 more 2024-11-21 6.1 Medium
swagger-ui has XSS in key names
CVE-2016-1000220 2 Elastic, Redhat 2 Kibana, Openshift 2024-11-21 N/A
Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers.
CVE-2016-1000219 2 Elastic, Redhat 2 Kibana, Openshift 2024-11-21 N/A
Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield.
CVE-2016-0792 2 Jenkins, Redhat 2 Jenkins, Openshift 2024-11-21 N/A
Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.
CVE-2016-0791 2 Jenkins, Redhat 2 Jenkins, Openshift 2024-11-21 N/A
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach.
CVE-2016-0790 2 Jenkins, Redhat 2 Jenkins, Openshift 2024-11-21 N/A
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.
CVE-2016-0789 2 Jenkins, Redhat 2 Jenkins, Openshift 2024-11-21 N/A
CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CVE-2016-0788 2 Jenkins, Redhat 2 Jenkins, Openshift 2024-11-21 N/A
The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener.
CVE-2015-8851 2 Node-uuid Project, Redhat 2 Node-uuid, Openshift 2024-11-21 7.5 High
node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing.
CVE-2015-8103 2 Jenkins, Redhat 3 Jenkins, Openshift, Openshift Container Platform 2024-11-21 9.8 Critical
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'".