Vulnerabilities > Redhat > Openshift
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-05 | CVE-2013-0163 | Exposure of Resource to Wrong Sphere vulnerability in Redhat Openshift 1.0/2.0 OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS | 2.1 |
2019-12-03 | CVE-2013-2103 | Improper Input Validation vulnerability in Redhat Openshift 1.0 OpenShift cartridge allows remote URL retrieval | 5.5 |
2019-11-19 | CVE-2012-6135 | Improper Input Validation vulnerability in multiple products RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process. | 6.4 |
2019-11-15 | CVE-2014-0023 | Exposure of Resource to Wrong Sphere vulnerability in Redhat Openshift OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution | 4.6 |
2019-11-05 | CVE-2013-5123 | Improper Authentication vulnerability in multiple products The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. | 4.3 |
2019-11-01 | CVE-2013-0165 | Improper Input Validation vulnerability in Redhat Openshift cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp. | 7.3 |
2019-10-08 | CVE-2019-14845 | Download of Code Without Integrity Check vulnerability in Redhat Openshift A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. | 5.3 |
2019-09-04 | CVE-2019-6648 | Information Exposure Through Log Files vulnerability in multiple products On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration. | 4.4 |
2019-08-01 | CVE-2019-3884 | Authentication Bypass by Spoofing vulnerability in Redhat Openshift A vulnerability exists in the garbage collection mechanism of atomic-openshift. | 5.4 |
2019-02-11 | CVE-2019-5736 | OS Command Injection vulnerability in multiple products runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. local low complexity docker linuxfoundation redhat google linuxcontainers hp netapp apache opensuse d2iq fedoraproject canonical microfocus CWE-78 | 8.6 |