CVE-2014-0023
- EPSS 0.4%
- Veröffentlicht 15.11.2019 15:15:11
- Zuletzt bearbeitet 21.11.2024 02:01:11
OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution
CVE-2013-5123
- EPSS 7.99%
- Veröffentlicht 05.11.2019 22:15:10
- Zuletzt bearbeitet 21.11.2024 01:57:03
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.
CVE-2013-0165
- EPSS 0.81%
- Veröffentlicht 01.11.2019 19:15:10
- Zuletzt bearbeitet 21.11.2024 01:46:58
cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp.
CVE-2019-14845
- EPSS 0.41%
- Veröffentlicht 08.10.2019 19:15:10
- Zuletzt bearbeitet 21.11.2024 04:27:29
A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image, bypass the TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and in...
CVE-2019-6648
- EPSS 0.35%
- Veröffentlicht 04.09.2019 16:15:11
- Zuletzt bearbeitet 21.11.2024 04:46:52
On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by ...
CVE-2019-3884
- EPSS 0.62%
- Veröffentlicht 01.08.2019 14:15:13
- Zuletzt bearbeitet 21.11.2024 04:42:47
A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are ...
CVE-2019-5736
- EPSS 98.57%
- Veröffentlicht 11.02.2019 19:29:00
- Zuletzt bearbeitet 21.11.2024 04:45:24
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types ...
CVE-2018-14645
- EPSS 3.01%
- Veröffentlicht 21.09.2018 13:29:00
- Zuletzt bearbeitet 21.11.2024 03:49:29
A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service.
CVE-2016-7075
- EPSS 1.57%
- Veröffentlicht 10.09.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 02:57:24
It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509...
CVE-2016-8651
- EPSS 1.35%
- Veröffentlicht 01.08.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 02:59:46
An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure ...