Total
170 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-0788 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener. | |||||
CVE-2016-3722 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the "full name." | |||||
CVE-2015-5222 | 1 Redhat | 1 Openshift | 2023-12-10 | 8.5 HIGH | N/A |
Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors. | |||||
CVE-2015-7538 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors. | |||||
CVE-2015-5326 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message. | |||||
CVE-2016-5766 | 6 Debian, Fedoraproject, Freebsd and 3 more | 7 Debian Linux, Fedora, Freebsd and 4 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image. | |||||
CVE-2014-3680 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-12-10 | 4.0 MEDIUM | N/A |
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM. | |||||
CVE-2014-3663 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-12-10 | 6.0 MEDIUM | N/A |
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors. | |||||
CVE-2014-3664 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-12-10 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors. | |||||
CVE-2014-3496 | 1 Redhat | 2 Openshift, Openshift Origin | 2023-12-10 | 10.0 HIGH | N/A |
cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file. | |||||
CVE-2014-3602 | 1 Redhat | 1 Openshift | 2023-12-10 | 2.1 LOW | N/A |
Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp. | |||||
CVE-2014-3666 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-12-10 | 7.5 HIGH | N/A |
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel. | |||||
CVE-2014-3674 | 1 Redhat | 1 Openshift | 2023-12-10 | 7.5 HIGH | N/A |
Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors. | |||||
CVE-2014-0233 | 1 Redhat | 1 Openshift | 2023-12-10 | 6.5 MEDIUM | N/A |
Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme. | |||||
CVE-2014-3667 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-12-10 | 4.0 MEDIUM | N/A |
Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code. | |||||
CVE-2014-3661 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-12-10 | 5.0 MEDIUM | N/A |
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake. | |||||
CVE-2014-3681 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2014-0188 | 1 Redhat | 1 Openshift | 2023-12-10 | 7.5 HIGH | N/A |
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to a passthrough trigger. | |||||
CVE-2014-0164 | 1 Redhat | 1 Openshift | 2023-12-10 | 2.1 LOW | N/A |
openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file. | |||||
CVE-2014-3662 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-12-10 | 5.0 MEDIUM | N/A |
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts. |