Vulnerabilities > Redhat > Openshift > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2019-11-19 | CVE-2012-6135 | Improper Input Validation vulnerability in multiple products | RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process. | network | low complexity | phusion, redhat | CWE-20 | 7.5 |
| 2019-11-15 | CVE-2014-0023 | Exposure of Resource to Wrong Sphere vulnerability in Redhat Openshift | OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution | local | low complexity | redhat | CWE-668 | 7.8 |
| 2019-11-01 | CVE-2013-0165 | Improper Input Validation vulnerability in Redhat Openshift | cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp. | network | low complexity | redhat | CWE-20 | 7.3 |
| 2019-02-11 | CVE-2019-5736 | OS Command Injection vulnerability in multiple products | runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. | | | | | 8.6 |
| 2018-09-21 | CVE-2018-14645 | Out-of-bounds Read vulnerability in multiple products | A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. | network | low complexity | haproxy, canonical, redhat | CWE-125 | 7.5 |
| 2018-09-10 | CVE-2016-7075 | | It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. | network | high complexity | kubernetes, redhat | | 8.1 |
| 2018-07-31 | CVE-2016-8631 | Unspecified vulnerability in Redhat Openshift 3.0/3.3 | The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. | network | low complexity | redhat | | 7.7 |
| 2018-07-13 | CVE-2018-10875 | Untrusted Search Path vulnerability in multiple products | A flaw was found in ansible. | local | low complexity | redhat, debian, suse, canonical | CWE-426 | 7.8 |
| 2018-07-05 | CVE-2018-10885 | Improper Input Validation vulnerability in Redhat Openshift | In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. | network | low complexity | redhat | CWE-20 | 7.5 |
| 2018-04-30 | CVE-2018-1102 | Unspecified vulnerability in Redhat Openshift | A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. | network | low complexity | redhat | | 8.8 |