Shodan
Vulnerabilities
Vulnerable Software
Redhat:  >> Openshift  >> 1.0  Security Vulnerabilities
CVE-2014-0175
mcollective has a default password set at install
CVSS Score
9.8
EPSS Score
0.006
Published
2019-12-13
CVE-2014-0163
Openshift has shell command injection flaws due to unsanitized data being passed into shell commands.
CVSS Score
8.8
EPSS Score
0.018
Published
2019-12-11
CVE-2013-0163
OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS
CVSS Score
5.5
EPSS Score
0.001
Published
2019-12-05
CVE-2013-2103
OpenShift cartridge allows remote URL retrieval
CVSS Score
8.1
EPSS Score
0.003
Published
2019-12-03
CVE-2012-6135
RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.
CVSS Score
7.5
EPSS Score
0.013
Published
2019-11-19
CVE-2013-5123
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.
CVSS Score
5.9
EPSS Score
0.129
Published
2019-11-05
CVE-2018-10885
In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. An attacker can use this flaw to cause a Denial of Service (DoS) attack on an Openshift 3.9, or 3.7 Cluster.
CVSS Score
6.5
EPSS Score
0.004
Published
2018-07-05
CVE-2013-4364
(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-01-08
CVE-2015-7537
Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.
CVSS Score
8.8
EPSS Score
0.002
Published
2016-02-03
CVE-2015-7538
Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors.
CVSS Score
8.8
EPSS Score
0.001
Published
2016-02-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved