Vulnerabilities > Redhat > Openshift

DATE CVE VULNERABILITY TITLE RISK
2018-04-30 CVE-2018-1102 Unspecified vulnerability in Redhat Openshift
A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x.
network
low complexity
redhat
8.8
2018-04-24 CVE-2018-1059 Information Exposure vulnerability in multiple products
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations.
high complexity
canonical redhat dpdk CWE-200
6.1
2018-04-16 CVE-2016-9592 Resource Management Errors vulnerability in Redhat Openshift 3.2.1.23/3.3.1.11/3.4
openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete operation to fail with 'VolumeInUse' error.
network
low complexity
redhat CWE-399
4.3
2018-04-11 CVE-2017-7534 Cross-site Scripting vulnerability in Redhat Openshift
OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods.
network
low complexity
redhat CWE-79
5.4
2018-03-09 CVE-2018-1069 Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openshift 3.7
Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems.
high complexity
redhat CWE-732
7.1
2018-01-08 CVE-2013-4364 Link Following vulnerability in Redhat Openshift 1.0/2.0
(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp.
local
low complexity
redhat CWE-59
7.8
2017-11-09 CVE-2015-7501 Deserialization of Untrusted Data vulnerability in Redhat products
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
network
low complexity
redhat CWE-502
critical
9.8
2017-09-26 CVE-2015-0238 Information Exposure vulnerability in Redhat Openshift 2.0
selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack.
local
low complexity
redhat CWE-200
3.3
2017-08-07 CVE-2015-7561 Permissions, Privileges, and Access Controls vulnerability in multiple products
Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.
network
high complexity
kubernetes redhat CWE-264
3.1
2017-06-19 CVE-2017-1000376 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack.
local
high complexity
redhat debian libffi-project oracle CWE-119
7.0