Vulnerabilities > Redhat > Openshift > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-12 | CVE-2014-0234 | Insecure Default Initialization of Resource vulnerability in Redhat Openshift The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. | 9.8 |
| 2020-01-28 | CVE-2013-2060 | OS Command Injection vulnerability in Redhat Openshift 1.0 The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart. | 10.0 |
| 2019-12-13 | CVE-2014-0175 | Use of Hard-coded Credentials vulnerability in multiple products mcollective has a default password set at install | 9.8 |
| 2019-12-11 | CVE-2014-0163 | OS Command Injection vulnerability in Redhat Openshift 1.0/2.0 Openshift has shell command injection flaws due to unsanitized data being passed into shell commands. | 9.0 |
| 2017-11-09 | CVE-2015-7501 | Deserialization of Untrusted Data vulnerability in Redhat products Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | 9.8 |
| 2016-06-08 | CVE-2016-2160 | Permissions, Privileges, and Access Controls vulnerability in Redhat Openshift and Openshift Origin Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image. | 9.0 |
| 2016-04-07 | CVE-2016-0788 | Permissions, Privileges, and Access Controls vulnerability in Jenkins The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener. | 10.0 |
| 2016-04-07 | CVE-2016-0792 | Improper Input Validation vulnerability in Jenkins Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando. | 9.0 |
| 2016-01-08 | CVE-2015-5254 | Improper Input Validation vulnerability in multiple products Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object. | 9.8 |