Product:

Openshift

(Redhat)
Date Id Summary Products Score Patch Annotated
2015-11-25 CVE-2015-5319 XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job. Jenkins, Openshift N/A
2015-11-25 CVE-2015-5318 Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack. Jenkins, Openshift N/A
2015-11-25 CVE-2015-5317 The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request. Jenkins, Openshift N/A
2019-12-11 CVE-2013-7370 node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware Debian_linux, Opensuse, Openshift, Connect N/A
2019-12-11 CVE-2014-0163 Openshift has shell command injection flaws due to unsanitized data being passed into shell commands. Openshift N/A
2019-12-03 CVE-2013-2103 OpenShift cartridge allows remote URL retrieval Openshift N/A
2019-12-05 CVE-2013-0163 OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS Openshift N/A
2019-11-19 CVE-2012-6135 RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process. Passenger, Openshift N/A
2019-11-15 CVE-2014-0023 OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution Openshift N/A
2019-11-05 CVE-2013-5123 The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. Debian_linux, Fedora, Pip, Openshift, Software_collections, Virtualenv N/A