Vulnerabilities > Redhat > Openshift

DATE CVE VULNERABILITY TITLE RISK
2019-12-11 CVE-2013-7370 Cross-site Scripting vulnerability in multiple products
node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware
network
low complexity
redhat sencha opensuse debian CWE-79
6.1
2019-12-05 CVE-2013-0163 Exposure of Resource to Wrong Sphere vulnerability in Redhat Openshift 1.0/2.0
OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS
local
low complexity
redhat CWE-668
5.5
2019-12-03 CVE-2013-2103 Improper Input Validation vulnerability in Redhat Openshift 1.0
OpenShift cartridge allows remote URL retrieval
network
low complexity
redhat CWE-20
8.1
2019-11-19 CVE-2012-6135 Improper Input Validation vulnerability in multiple products
RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.
network
low complexity
phusion redhat CWE-20
7.5
2019-11-15 CVE-2014-0023 Exposure of Resource to Wrong Sphere vulnerability in Redhat Openshift
OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution
local
low complexity
redhat CWE-668
7.8
2019-11-05 CVE-2013-5123 Improper Authentication vulnerability in multiple products
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.
network
high complexity
pypa virtualenv fedoraproject redhat debian CWE-287
5.9
2019-11-01 CVE-2013-0165 Improper Input Validation vulnerability in Redhat Openshift
cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp.
network
low complexity
redhat CWE-20
7.3
2019-10-08 CVE-2019-14845 Unspecified vulnerability in Redhat Openshift
A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3.
high complexity
redhat
5.3
2019-09-04 CVE-2019-6648 Information Exposure Through Log Files vulnerability in multiple products
On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration.
local
low complexity
f5 redhat CWE-532
4.4
2019-08-01 CVE-2019-3884 Unspecified vulnerability in Redhat Openshift
A vulnerability exists in the garbage collection mechanism of atomic-openshift.
network
low complexity
redhat
5.4