Vulnerabilities > Redhat > Openshift
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-11 | CVE-2013-7370 | Cross-site Scripting vulnerability in multiple products node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware | 4.3 |
| 2019-12-05 | CVE-2013-0163 | Exposure of Resource to Wrong Sphere vulnerability in Redhat Openshift 1.0/2.0 OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS | 2.1 |
| 2019-12-03 | CVE-2013-2103 | Improper Input Validation vulnerability in Redhat Openshift 1.0 OpenShift cartridge allows remote URL retrieval | 5.5 |
| 2019-11-19 | CVE-2012-6135 | Improper Input Validation vulnerability in multiple products RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process. | 6.4 |
| 2019-11-15 | CVE-2014-0023 | Exposure of Resource to Wrong Sphere vulnerability in Redhat Openshift OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution | 4.6 |
| 2019-11-05 | CVE-2013-5123 | Improper Authentication vulnerability in multiple products The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. | 4.3 |
| 2019-11-01 | CVE-2013-0165 | Improper Input Validation vulnerability in Redhat Openshift cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp. | 7.3 |
| 2019-10-08 | CVE-2019-14845 | Download of Code Without Integrity Check vulnerability in Redhat Openshift A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. | 5.3 |
| 2019-09-04 | CVE-2019-6648 | Information Exposure Through Log Files vulnerability in multiple products On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration. | 4.4 |
| 2019-08-01 | CVE-2019-3884 | Authentication Bypass by Spoofing vulnerability in Redhat Openshift A vulnerability exists in the garbage collection mechanism of atomic-openshift. | 5.4 |