Vulnerabilities > Redhat > Openshift > 3.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-31 | CVE-2016-8631 | Improper Input Validation vulnerability in Redhat Openshift 3.0/3.3 The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. | 7.7 |
| 2018-07-13 | CVE-2018-10875 | Untrusted Search Path vulnerability in multiple products A flaw was found in ansible. | 4.6 |
| 2018-07-05 | CVE-2018-10885 | Improper Input Validation vulnerability in Redhat Openshift In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. | 5.0 |
| 2018-05-08 | CVE-2017-2611 | Incorrect Authorization vulnerability in multiple products Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). | 4.0 |
| 2018-04-30 | CVE-2018-1102 | Improper Input Validation vulnerability in Redhat Openshift A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. | 8.8 |
| 2018-04-24 | CVE-2018-1059 | Information Exposure vulnerability in multiple products The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. | 2.9 |
| 2018-04-11 | CVE-2017-7534 | Cross-site Scripting vulnerability in Redhat Openshift OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. | 3.5 |
| 2017-11-09 | CVE-2015-7501 | Deserialization of Untrusted Data vulnerability in Redhat products Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | 9.8 |
| 2017-08-07 | CVE-2015-7561 | Permissions, Privileges, and Access Controls vulnerability in multiple products Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image. | 3.5 |
| 2016-04-11 | CVE-2015-7528 | Information Exposure vulnerability in multiple products Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name. | 5.3 |