Lucene search
K
RedhatOpenshift

146 matches found

CVE
CVE
added 2023/10/10 12:0 a.m.5294 views

CVE-2023-44487

CVE-2023-44487 – HTTP/2 Rapid Reset DoS Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...

7.5CVSS8AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2022/09/01 8:28 p.m.2005 views

CVE-2022-2403

CVE-2022-2403 affects Red Hat OpenShift Container Platform. A private key for the external cluster certificate was stored in the oauth-serving-cert ConfigMaps and became readable by any authenticated OpenShift user/service-account, enabling credential disclosure that could compromise web traffic ...

6.5CVSS6.3AI score0.00474EPSS
CVE
CVE
added 2019/02/11 12:0 a.m.784 views

CVE-2019-5736

CVE-2019-5736 affects runc as shipped in Docker before 18.09.2 and other products, enabling a container to overwrite the host runc binary via /proc/self/exe and gain host root. Root cause: file-descriptor mishandling in runc leading to command execution as root inside a container. Affected versio...

9.3CVSS8.8AI score0.9857EPSS
In wildWeb
CVE
CVE
added 2015/11/25 8:0 p.m.555 views

CVE-2015-5317

CVE-2015-5317 affects Jenkins CloudBees Jenkins Fingerprints pages. Affected products: Jenkins before 1.638 and LTS before 1.625.2. The vulnerability is an information disclosure in the Fingerprints UI that allows remote attackers to obtain sensitive job and build names via a direct request. The ...

7.5CVSS8AI score0.22429EPSS
In wild
CVE
CVE
added 2016/08/07 10:0 a.m.471 views

CVE-2016-5766

CVE-2016-5766 affects the GD Graphics Library (libgd) via an integer overflow in _gd2GetHeader() in gd_gd2.c, before libgd 2.2.3. This can cause a heap-based overflow when processing crafted GD2 images, leading to a denial of service (and potentially other impact) on the host application using th...

8.8CVSS8.2AI score0.07495EPSS
CVE
CVE
added 2017/11/09 12:0 a.m.356 views

CVE-2015-7501

CVE-2015-7501 involves a deserialization flaw in Apache Commons Collections that affects Red Hat JBoss Middleware stack (A-MQ 6.x; BPMS 6.x; BRMS 5.x/6.x; JDG 6.x/5.x; JDV 6.x/5.x; AEP 6.x; Fuse 6.x; FSW 6.x; JBoss ON 3.x; Portal 6.x; SOA-P 5.x; JWS 3.x; OpenShift/xPaaS 3.x; Subscription Asset Ma...

10CVSS9.7AI score0.83274EPSS
CVE
CVE
added 2025/01/14 5:37 p.m.352 views

CVE-2024-12085

CVE-2024-12085 affects rsync; a flaw in checksum comparison allows an attacker to manipulate s2length, causing comparisons against uninitialized memory and leaking one byte of uninitialized stack data per interaction. The issue is rated HIGH (CVSS 3.1: 7.5) with network attack vector and no user ...

7.5CVSS7.5AI score0.09353EPSS
CVE
CVE
added 2018/07/13 10:0 p.m.273 views

CVE-2018-10875

CVE-2018-10875 affects Ansible where ansible.cfg is read from the current working directory, allowing an attacker to influence the plugin/module path and potentially execute arbitrary code. The issue arises because the CWD can be manipulated to point to controlled code. Red Hat/Ubuntu/openSUSE ad...

7.8CVSS7.7AI score0.00587EPSS
CVE
CVE
added 2016/04/07 11:0 p.m.232 views

CVE-2016-0792

CVE-2016-0792 affects Jenkins, including the core up to 1.650 and LTS up to 1.642.2, via a deserialization flaw in XML data using XStream and groovy.util.Expando. The vulnerability allows remote authenticated users to execute arbitrary code by crafting a serialized payload in an XML file. Public ...

9CVSS9.1AI score0.82697EPSS
Web
CVE
CVE
added 2018/09/21 1:0 p.m.225 views

CVE-2018-14645

HAProxy HPACK decoder in versions before 1.8.14 contains an out-of-bounds read in hpack_valid_idx(), leading to remote crash and denial of service. Affected: HAProxy’s HTTP/2 HPACK handling. Impact: remote crash/DoS. Mitigation: upgrade to HAProxy 1.8.14 or newer (as indicated by multiple advisor...

7.5CVSS7.1AI score0.03009EPSS
CVE
CVE
added 2017/06/19 4:0 p.m.218 views

CVE-2017-1000376

CVE-2017-1000376 affects libffi. The vulnerability enables an executable stack that can be exploited to trigger arbitrary code execution on 32-bit x86 systems prior to libffi 3.1; upstream is believed to have fixed the issue in version 3.1. Other references indicate that libffi 3.1.x mitigates th...

7CVSS7.2AI score0.00503EPSS
CVE
CVE
added 2020/02/19 2:41 p.m.212 views

CVE-2012-6685

Nokogiri prior to 1.5.4 is vulnerable to XML External Entity (XXE) attacks. The issue arises in the XML parsing path (XXE) and is documented under CVE-2012-6685. Exploitation details are not provided beyond the XXE description. Affected software: Nokogiri (Ruby library). Root cause: XXE in XML pr...

7.5CVSS7.3AI score0.02115EPSS
CVE
CVE
added 2020/04/13 12:4 p.m.211 views

CVE-2020-1759

CVE-2020-1759 affects Red Hat Ceph Storage 4 and Red Hat OpenShift Container Storage 4.2, where the secure mode of the messenger v2 protocol (msgr2) allows nonce reuse. This enables forging authentication tags and can lead to confidentiality and integrity problems in sessions when a nonce is reus...

6.8CVSS6.5AI score0.01373EPSS
CVE
CVE
added 2013/10/28 9:0 p.m.210 views

CVE-2013-2186

CVE-2013-2186 affects Apache Commons FileUpload (DiskFileItem) and allows remote attackers to overwrite/write arbitrary files by exploiting a NULL byte in a serialized file name. The vulnerability is present in affected Red Hat/JBoss stacks (BRMS, Portal, Web Server) and also appears across IBM a...

7.5CVSS7.8AI score0.12768EPSS
CVE
CVE
added 2016/01/08 7:0 p.m.209 views

CVE-2015-5254

CVE-2015-5254 is a deserialization vulnerability in Apache ActiveMQ 5.x prior to 5.13.0. The broker does not restrict serialized classes, enabling remote attackers to execute arbitrary code via a crafted JMS ObjectMessage. Several connected advisories confirm the issue and note mitigations: upgra...

9.8CVSS8.7AI score0.38191EPSS
CVE
CVE
added 2022/07/06 3:6 p.m.206 views

CVE-2021-3695

CVE-2021-3695 affects grub2. A crafted 16-bit grayscale PNG image can cause an out-of-bounds write in grub2 heap, leading to heap data corruption and potentially arbitrary code execution, bypassing secure boot protections. The vulnerability requires heap-layout triage and the written values are r...

4.5CVSS7AI score0.00462EPSS
CVE
CVE
added 2023/01/17 12:0 a.m.200 views

CVE-2023-0296

Technical details for CVE-2023-0296 are not provided in the supplied documents. No affected products, root cause, or remediation specifics are present here. Monitor for updates in connected feeds to obtain concrete information.

5.3CVSS6.7AI score0.00321EPSS
CVE
CVE
added 2022/07/06 3:6 p.m.192 views

CVE-2021-3697

CVE-2021-3697 is a grub2 JPEG handling vulnerability where crafting a JPEG image may cause a heap underflow in the JPEG reader, enabling data corruption and potentially code execution or secure-boot circumvention. It affects grub2 versions prior to the fixed release (notably legacy references to ...

7CVSS7.6AI score0.00456EPSS
CVE
CVE
added 2022/07/06 3:6 p.m.187 views

CVE-2021-3696

CVE-2021-3696 = heap out-of-bounds write during Huffman table handling in grub2’s PNG reader, causing potential heap corruption. Affected: grub2 before patch grub-2.12; implications listed as Low/Low/Low in some sources, with potential for data corruption and, in theory, arbitrary code execution ...

6.9CVSS6.8AI score0.00471EPSS
CVE
CVE
added 2022/08/24 3:9 p.m.183 views

CVE-2021-4125

CVE-2021-4125 : Technical details are not publicly available in the provided documents. Monitor for updates.

8.1CVSS9.4AI score0.01188EPSS
CVE
CVE
added 2019/11/01 6:12 p.m.181 views

CVE-2013-0165

CVE-2013-0165 affects OpenShift: the cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh script does not properly create files in /tmp. Affected component is the dump.sh script within the OpenShift MongoDB cartridge (version 2.2). Underlying issue is improper file creation in /tmp,...

7.5CVSS7.2AI score0.00813EPSS
CVE
CVE
added 2022/12/09 12:0 a.m.167 views

CVE-2022-3259

CVE-2022-3259 is confirmed in multiple connected advisories as OpenShift OpenShift Container Platform components failing to use HTTP Strict Transport Security (HSTS), which may enable MITM attacks (noted for OpenShift 4.9; also reflected in later RHSA/RHOS advisories). The issue is tied to Missin...

7.4CVSS7.3AI score0.00534EPSS
CVE
CVE
added 2016/04/07 11:0 p.m.162 views

CVE-2016-0788

CVE-2016-0788 affects the Jenkins remoting module. The vulnerability allows remote code execution by an attacker who can open a JRMP listener, enabling arbitrary code execution on the Jenkins host. Affected software is Jenkins before version 1.650 and Jenkins LTS versions before 1.642.2. The impa...

10CVSS9.5AI score0.1184EPSS
CVE
CVE
added 2023/01/25 12:0 a.m.161 views

CVE-2023-0229

CVE-2023-0229 is tied to the OpenShift OpenShift apiserver-library-go component. The flaw allows low-privilege users to alter the seccomp profile of pods they control to unconfined, taking advantage of the default restricted-v2 SCC seccomp profile (runtime/default). The vulnerability originates f...

6.3CVSS6AI score0.00647EPSS
CVE
CVE
added 2018/05/11 8:0 p.m.143 views

CVE-2018-1257

CVE-2018-1257 affects Spring Framework: vulnerable in Spring Messaging when using an in-memory STOMP broker exposed via STOMP over WebSocket. A malicious user can craft a message to the broker that triggers a regular-expression denial of service. Affected versions are Spring Framework 5.0.x befor...

6.5CVSS7AI score0.03279EPSS
CVE
CVE
added 2021/07/30 7:27 p.m.142 views

CVE-2021-3636

OpenShift OpenShift before 4.8 includes an in-cluster Service CA certificate that incorrectly contains additional CA certificates. This allows an attacker who compromising any of those extra CAs to masquerade as a trusted in-cluster service, enabling potential impersonation of in-cluster services...

4.6CVSS4.5AI score0.00284EPSS
CVE
CVE
added 2018/04/30 7:0 p.m.137 views

CVE-2018-1102

CVE-2018-1102 describes a flaw in the source-to-image function shipped with OpenShift Enterprise 3.x. The issue comes from an improper path validation of tar files in ExtractTarStreamFromTarReader (tar/tar.go), which leads to privilege escalation. The description does not specify affected product...

8.8CVSS8.4AI score0.02418EPSS
CVE
CVE
added 2018/04/24 6:0 p.m.133 views

CVE-2018-1059

The CVE concerns the DPDK vhost-user interface, where Guest Physical Addresses to Host Virtual Addresses translations do not verify that the requested guest physical range is fully mapped and contiguous. This can expose vhost-user backend memory to a malicious guest. The vulnerability affects all...

6.1CVSS5.8AI score0.00878EPSS
CVE
CVE
added 2016/04/07 11:0 p.m.130 views

CVE-2016-0790

Jenkins CVE-2016-0790 affects Jenkins core before 1.650 and LTS before 1.642.2, where API token verification does not use a constant-time algorithm—enabling remote attackers to brute-force tokens. The linked sources confirm this cryptographic weakness and tie it to Jenkins releases prior to these...

5.3CVSS6.8AI score0.02105EPSS
CVE
CVE
added 2020/04/02 7:14 p.m.130 views

CVE-2019-19348

CVE-2019-19348 affects the OpenShift container image openshift/apb-base. The vulnerability is an insecure modification of /etc/passwd in the container, enabling privilege escalation for an attacker with container access. Affected versions include 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. If exploite...

7CVSS6.8AI score0.00258EPSS
CVE
CVE
added 2020/03/20 12:0 a.m.130 views

CVE-2020-1707

The CVE-2020-1707 issue affects openshift/postgresql-apb in versions prior to 4.3.0. In the container, an insecure modification fault allows an attacker with container access to modify /etc/passwd and escalate privileges. Affected product/component: openshift/postgresql-apb; vulnerable path: /etc...

7CVSS6.7AI score0.00258EPSS
CVE
CVE
added 2016/04/07 11:0 p.m.129 views

CVE-2016-0791

CVE-2016-0791 affects Jenkins core prior to 1.650 and OpenJenkins LTS prior to 1.642.2, where the CSRF token verification does not use a constant-time algorithm. This non-constant-time CSRF check allows a remote attacker to bypass CSRF protection via brute-forcing. Affected products/components: J...

9.8CVSS9.1AI score0.02715EPSS
CVE
CVE
added 2020/03/18 4:33 p.m.125 views

CVE-2019-19351

CVE-2019-19351 affects the container openshift/jenkins-slave-base-rhel7-container used in OpenShift 4 and 3.11. The vulnerability is an insecure modification of /etc/passwd inside the container, enabling privilege escalation if an attacker gains container access. Related advisories (Red Hat RHSA-...

7CVSS6.8AI score0.00245EPSS
In wild
CVE
CVE
added 2020/09/16 6:0 p.m.124 views

CVE-2020-10715

CVE-2020-10715 is a content spoofing vulnerability in the OpenShift Console (versions 3.11 and 4.x). A crafted URL can inject arbitrary text onto the error page, potentially convincing users the message is legitimate. Documented impact is user-facing text injection on error pages; exploitation sp...

4.3CVSS4.3AI score0.00946EPSS
CVE
CVE
added 2020/03/18 4:35 p.m.118 views

CVE-2019-19355

CVE-2019-19355 affects openshift/ocp-release-operator-sdk (and is tied to openshift/ansible-operator-container in OpenShift 4). The vulnerability is an insecure modification flaw in /etc/passwd that could allow an attacker with container access to modify /etc/passwd and escalate privileges. Multi...

7CVSS6.8AI score0.00245EPSS
CVE
CVE
added 2024/02/13 11:31 p.m.117 views

CVE-2024-1485

CVE-2024-1485 affects the registry-support library’s decompression logic. An unauthenticated attacker can trick a user into parsing a devfile that uses the parent or plugin keywords, causing the decompressor to extract archives with relative paths that write outside the intended scope. This can l...

9.3CVSS7.7AI score0.00942EPSS
CVE
CVE
added 2020/02/12 12:9 a.m.114 views

CVE-2014-0234

Technical details for CVE-2014-0234 are not publicly available in the provided documents. No affected product/version/impact is specified here. Monitor for updates in the connected sources for exact remediation guidance.

9.8CVSS7.4AI score0.03789EPSS
CVE
CVE
added 2016/05/17 12:0 a.m.114 views

CVE-2016-3721

CVE-2016-3721 affects Jenkins core: Jenkins before 2.3 and LTS before 1.651.2 may allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables. Root cause is unsafe handling of environment variables during builds, enabling parameter le...

6.5CVSS6.5AI score0.02124EPSS
CVE
CVE
added 2020/03/20 2:0 p.m.114 views

CVE-2019-19345

CVE-2019-19345 affects openshift/mediawiki-apb versions prior to 4.3.0 where an insecure modification of /etc/passwd inside the container could let an attacker modify the file and escalate privileges. The issue is tied to improper permissions on /etc/passwd in the affected APB suite; Red Hat advi...

7.8CVSS7.5AI score0.00273EPSS
CVE
CVE
added 2020/04/02 7:12 p.m.114 views

CVE-2019-19346

The CVE-2019-19346 entry describes an insecure modification vulnerability in the container component openshift/mariadb-apb that allows modification of /etc/passwd, enabling privilege escalation for an attacker with container access. Affected releases include versions before 4.3.5, 4.2.21, 4.1.37,...

7CVSS6.8AI score0.00258EPSS
CVE
CVE
added 2016/09/21 2:0 p.m.113 views

CVE-2016-5418

CVE-2016-5418 affects libarchive up to and including version 3.2.0, where sandboxing of archives with hardlinks mishandles entries of non-zero data size. This can allow a remote attacker to write to arbitrary files via a crafted archive, as described in multiple advisories. Public reports referen...

7.5CVSS7.5AI score0.04707EPSS
CVE
CVE
added 2019/08/01 1:20 p.m.113 views

CVE-2019-3884

CVE-2019-3884 affects atomic-openshift garbage collection; cross-namespace UUID spoofing can delete children. Affected: OpenShift/atomic-openshift versions 3.6–4.1. Remediation in Red Hat advisory RHSA-2020:5634: upgrade OpenShift Container Platform to 4.7.0 (and apply the listed fixes). Other do...

5.4CVSS5.5AI score0.0062EPSS
CVE
CVE
added 2019/09/04 3:49 p.m.113 views

CVE-2019-6648

CVE-2019-6648 affects F5 Container Ingress Services for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) version 1.9.0. When DEBUG logging is enabled, CIS log files may disclose BIG-IP secrets (SSL private keys and private key passphrases) supplied via an AS3 Declaration. Impact is exposure of s...

4.4CVSS4.8AI score0.00345EPSS
CVE
CVE
added 2025/02/19 5:54 p.m.109 views

CVE-2024-45777

CVE-2024-45777 is a GRUB2 flaw where reading a language .mo file can overflow the translation buffer in grub_gettext_getstr_from_position(), causing an Out-of-Bounds write and potential circumvention of secure boot. Connected advisories confirm patched GRUB2 packages and versions: AlmaLinux 2025/...

6.7CVSS6.7AI score0.00231EPSS
CVE
CVE
added 2014/10/16 7:0 p.m.108 views

CVE-2014-3680

CVE-2014-3680 affects Jenkins before 1.583 and LTS before 1.565.3, permitting remote authenticated users with Job/READ to read the DOM and obtain the default value for a parameterized job password field. Root cause: information disclosure via DOM in the parameter password. Impact: potential expos...

4CVSS7.9AI score0.01361EPSS
CVE
CVE
added 2016/05/17 2:0 p.m.108 views

CVE-2016-3722

CVE-2016-3722 affects Jenkins core. Affected: Jenkins versions before 2.3 and LTS lines before 1.651.2. Root cause: denial of service via remote authenticated users with multiple accounts caused by editing the user’s full name. Impact: login denial (partial availability). Mitigation: upgrade to J...

4.3CVSS5.3AI score0.02293EPSS
CVE
CVE
added 2014/01/02 9:0 p.m.105 views

CVE-2013-2119

Phusion Passenger gem vulnerability (CVE-2013-2119) affects Phusion Passenger for Ruby, specifically the gem versions before 3.0.21 and 4.0.x before 4.0.5. The issue arises from insecure handling of temporary directories/files in /tmp, where a local attacker can pre-create a predictable temporary...

4.6CVSS6.3AI score0.004EPSS
CVE
CVE
added 2019/11/05 9:16 p.m.103 views

CVE-2013-5123

The CVE-2013-5123 issue affects Python-pip prior to 1.5, where the mirroring support (-M/--use-mirrors) performs insecure DNS queries and lacks proper authenticity checks, enabling MITM-like download tampering. Connected advisories confirm this vulnerability and describe the fix as removing the m...

5.9CVSS5.4AI score0.07987EPSS
Web
CVE
CVE
added 2016/04/07 11:0 p.m.102 views

CVE-2016-0789

CVE-2016-0789 is a CRLF injection vulnerability in the Jenkins CLI command documentation that allows remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via unspecified vectors. Affected products are Jenkins prior to version 1.650 and LTS prior to 1.642.2. The ro...

6.1CVSS7.6AI score0.0179EPSS
CVE
CVE
added 2016/07/03 9:0 p.m.102 views

CVE-2016-2074

Open vSwitch: MPLS processing in ovs-vswitchd contains a buffer overflow in OpenFlow/MPLS label handling affecting Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1. A remote attacker can exploit crafted MPLS packets to achieve arbitrary code execution or DoS. Upstream fixes are in...

9.8CVSS9.7AI score0.06279EPSS
Total number of security vulnerabilities146