Filtered by vendor Redhat
Subscriptions
Filtered by product Openshift
Subscriptions
Total
1073 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-2160 | 1 Redhat | 2 Openshift, Openshift Origin | 2025-04-12 | N/A |
Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image. | ||||
CVE-2016-2142 | 1 Redhat | 1 Openshift | 2025-04-12 | N/A |
Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file. | ||||
CVE-2014-2062 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token. | ||||
CVE-2016-1906 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2025-04-12 | N/A |
Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed. | ||||
CVE-2014-2060 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors. | ||||
CVE-2016-2183 | 6 Cisco, Nodejs, Openssl and 3 more | 14 Content Security Management Appliance, Node.js, Openssl and 11 more | 2025-04-12 | 7.5 High |
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. | ||||
CVE-2014-3667 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code. | ||||
CVE-2016-1905 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2025-04-12 | N/A |
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object. | ||||
CVE-2014-2059 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name. | ||||
CVE-2016-0792 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando. | ||||
CVE-2014-0233 | 1 Redhat | 1 Openshift | 2025-04-12 | N/A |
Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme. | ||||
CVE-2014-0188 | 1 Redhat | 1 Openshift | 2025-04-12 | N/A |
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to a passthrough trigger. | ||||
CVE-2014-3566 | 11 Apple, Debian, Fedoraproject and 8 more | 28 Mac Os X, Debian Linux, Fedora and 25 more | 2025-04-12 | 3.4 Low |
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. | ||||
CVE-2014-3678 | 2 Jenkins-ci, Redhat | 2 Monitoring Plugin, Openshift | 2025-04-12 | N/A |
Cross-site scripting (XSS) vulnerability in the Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2016-0791 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach. | ||||
CVE-2016-0790 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach. | ||||
CVE-2016-0789 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | ||||
CVE-2016-0788 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener. | ||||
CVE-2014-0164 | 1 Redhat | 1 Openshift | 2025-04-12 | N/A |
openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file. | ||||
CVE-2015-1813 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1812. |