Redhat

Openshift

166 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.61%
  • Veröffentlicht 09.03.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:06

Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem.

  • EPSS 0.41%
  • Veröffentlicht 08.01.2018 19:29:00
  • Zuletzt bearbeitet 21.11.2024 01:55:25

(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp.

  • EPSS 83.27%
  • Veröffentlicht 09.11.2017 17:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x...

  • EPSS 0.35%
  • Veröffentlicht 26.09.2017 01:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack.

  • EPSS 1.16%
  • Veröffentlicht 07.08.2017 17:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.

  • EPSS 0.5%
  • Veröffentlicht 19.06.2017 16:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version...

  • EPSS 1.31%
  • Veröffentlicht 20.04.2017 17:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.

Exploit
  • EPSS 4.71%
  • Veröffentlicht 21.09.2016 14:25:13
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.

  • EPSS 2.46%
  • Veröffentlicht 05.08.2016 15:59:08
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to t...

  • EPSS 6.28%
  • Veröffentlicht 03.07.2016 21:59:10
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command.