Vulnerabilities > Redhat > Openshift > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-14 | CVE-2024-1485 | Path Traversal vulnerability in multiple products A flaw was found in the decompression function of registry-support. | 9.3 |
2022-06-30 | CVE-2013-4561 | Exposure of Resource to Wrong Sphere vulnerability in Redhat Openshift In a openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. | 9.1 |
2020-02-12 | CVE-2014-0234 | Insecure Default Initialization of Resource vulnerability in Redhat Openshift The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. | 9.8 |
2020-01-28 | CVE-2013-2060 | OS Command Injection vulnerability in Redhat Openshift 1.0 The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart. | 9.8 |
2019-12-13 | CVE-2014-0175 | Use of Hard-coded Credentials vulnerability in multiple products mcollective has a default password set at install | 9.8 |
2017-11-09 | CVE-2015-7501 | Deserialization of Untrusted Data vulnerability in Redhat products Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | 9.8 |
2016-07-03 | CVE-2016-2074 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command. | 9.8 |
2016-04-07 | CVE-2016-0788 | Permissions, Privileges, and Access Controls vulnerability in multiple products The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener. | 9.8 |
2016-04-07 | CVE-2016-0791 | Information Exposure vulnerability in multiple products Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach. | 9.8 |
2016-01-08 | CVE-2015-5254 | Improper Input Validation vulnerability in multiple products Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object. | 9.8 |