Redhat

Openshift

163 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.3

CVE-2015-0238

  • EPSS 0.04%
  • Published 26.09.2017 01:29:00
  • Last modified 20.04.2025 01:37:25

selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack.

3.5

CVE-2015-7561

  • EPSS 0.14%
  • Published 07.08.2017 17:29:00
  • Last modified 20.04.2025 01:37:25

Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.

7

CVE-2017-1000376

  • EPSS 0.42%
  • Published 19.06.2017 16:29:00
  • Last modified 20.04.2025 01:37:25

libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version...

7.5

CVE-2016-5409

  • EPSS 0.23%
  • Published 20.04.2017 17:59:00
  • Last modified 20.04.2025 01:37:25

Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.

7.5

CVE-2016-5418

Exploit
  • EPSS 5.22%
  • Published 21.09.2016 14:25:13
  • Last modified 12.04.2025 10:46:40

The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.

6.8

CVE-2016-5392

  • EPSS 0.18%
  • Published 05.08.2016 15:59:08
  • Last modified 12.04.2025 10:46:40

The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to t...

9.8

CVE-2016-2074

  • EPSS 4.81%
  • Published 03.07.2016 21:59:10
  • Last modified 12.04.2025 10:46:40

Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command.

8.8

CVE-2016-3738

  • EPSS 0.74%
  • Published 08.06.2016 17:59:07
  • Last modified 12.04.2025 10:46:40

Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod.

3.3

CVE-2016-3711

  • EPSS 0.05%
  • Published 08.06.2016 17:59:06
  • Last modified 12.04.2025 10:46:40

HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie.

7.1

CVE-2016-3708

  • EPSS 0.13%
  • Published 08.06.2016 17:59:05
  • Last modified 12.04.2025 10:46:40

Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via a...