VYPR

Openshift

by Red Hat

Source repositories

CVEs (144)

  • CVE-2015-7501CriNov 9, 2017
    risk 0.70cvss 9.8epss 0.83

    Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform…

  • CVE-2023-44487HigKEVOct 10, 2023
    risk 0.65cvss 7.5epss 1.00

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2016-2074CriJul 3, 2016
    risk 0.64cvss 9.8epss 0.06

    Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command.

  • CVE-2016-0791CriApr 7, 2016
    risk 0.64cvss 9.8epss 0.03

    Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach.

  • CVE-2016-0792HigApr 7, 2016
    risk 0.60cvss 8.8epss 0.83

    Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.

  • CVE-2015-5254CriJan 8, 2016
    risk 0.60cvss 9.8epss 0.38

    Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.

  • CVE-2016-5766HigAug 7, 2016
    risk 0.58cvss 8.8epss 0.08

    Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and…

  • CVE-2016-0788CriApr 7, 2016
    risk 0.58cvss 9.8epss 0.12

    The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener.

  • CVE-2026-1784HigJun 2, 2026
    risk 0.57cvss 8.8epss 0.00

    The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy…

  • CVE-2016-3738HigJun 8, 2016
    risk 0.57cvss 8.8epss 0.02

    Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod.

  • CVE-2015-5317HigKEVNov 25, 2015
    risk 0.56cvss 7.5epss 0.22

    The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.

  • CVE-2018-10843HigJul 2, 2018
    risk 0.55cvss 8.5epss 0.01

    source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this…

  • CVE-2013-4364HigJan 8, 2018
    risk 0.51cvss 7.8epss 0.00

    (1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp.

  • CVE-2016-2160HigJun 8, 2016
    risk 0.51cvss 8.8epss 0.04

    Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image.

  • CVE-2015-7538HigFeb 3, 2016
    risk 0.50cvss 8.8epss 0.02

    Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors.

  • CVE-2015-7537HigFeb 3, 2016
    risk 0.50cvss 8.8epss 0.02

    Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.

  • CVE-2024-45497HigDec 31, 2024
    risk 0.49cvss 7.6epss 0.01

    A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from…

  • CVE-2016-7075HigSep 10, 2018
    risk 0.49cvss 7.5epss 0.02

    It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.

  • CVE-2016-5409HigApr 20, 2017
    risk 0.49cvss 7.5epss 0.01

    Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.

  • CVE-2026-35091HigApr 1, 2026
    risk 0.46cvss 8.2epss 0.01

    A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing…

Page 1 of 8