Total
171 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-7370 | 4 Debian, Opensuse, Redhat and 1 more | 4 Debian Linux, Opensuse, Openshift and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware | |||||
| CVE-2013-5123 | 5 Debian, Fedoraproject, Pypa and 2 more | 6 Debian Linux, Fedora, Pip and 3 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. | |||||
| CVE-2013-4561 | 1 Redhat | 1 Openshift | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| In a openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of confidentiality and integrity. | |||||
| CVE-2013-4364 | 1 Redhat | 1 Openshift | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| (1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp. | |||||
| CVE-2013-2103 | 1 Redhat | 1 Openshift | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| OpenShift cartridge allows remote URL retrieval | |||||
| CVE-2013-2060 | 1 Redhat | 1 Openshift | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart. | |||||
| CVE-2013-0196 | 1 Redhat | 2 Enterprise Linux, Openshift | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser. | |||||
| CVE-2013-0165 | 1 Redhat | 1 Openshift | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp. | |||||
| CVE-2013-0163 | 1 Redhat | 1 Openshift | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS | |||||
| CVE-2012-6685 | 2 Nokogiri, Redhat | 8 Nokogiri, Cloudforms Management Engine, Enterprise Mrg and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Nokogiri before 1.5.4 is vulnerable to XXE attacks | |||||
| CVE-2012-6135 | 2 Phusion, Redhat | 2 Passenger, Openshift | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process. | |||||