Vulnerabilities > Redhat > Openshift > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-02-14 CVE-2024-1485 Path Traversal vulnerability in multiple products
A flaw was found in the decompression function of registry-support.
network
low complexity
redhat devfile CWE-22
critical
9.3
2022-06-30 CVE-2013-4561 Exposure of Resource to Wrong Sphere vulnerability in Redhat Openshift
In a openshift node, there is a cron job to update mcollective facts that mishandles a temporary file.
network
low complexity
redhat CWE-668
critical
9.1
2020-02-12 CVE-2014-0234 Insecure Default Initialization of Resource vulnerability in Redhat Openshift
The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920.
network
low complexity
redhat CWE-1188
critical
9.8
2020-01-28 CVE-2013-2060 OS Command Injection vulnerability in Redhat Openshift 1.0
The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart.
network
low complexity
redhat CWE-78
critical
9.8
2019-12-13 CVE-2014-0175 Use of Hard-coded Credentials vulnerability in multiple products
mcollective has a default password set at install
network
low complexity
puppet redhat debian CWE-798
critical
9.8
2017-11-09 CVE-2015-7501 Deserialization of Untrusted Data vulnerability in Redhat products
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
network
low complexity
redhat CWE-502
critical
9.8
2016-07-03 CVE-2016-2074 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command.
network
low complexity
openvswitch redhat CWE-119
critical
9.8
2016-04-07 CVE-2016-0788 Permissions, Privileges, and Access Controls vulnerability in multiple products
The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener.
network
low complexity
jenkins redhat CWE-264
critical
9.8
2016-04-07 CVE-2016-0791 Information Exposure vulnerability in multiple products
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach.
network
low complexity
redhat jenkins CWE-200
critical
9.8
2016-01-08 CVE-2015-5254 Improper Input Validation vulnerability in multiple products
Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.
network
low complexity
redhat apache fedoraproject CWE-20
critical
9.8