Redhat Openshift
80 CVEs affecting Redhat Openshift. Latest disclosed: 2026-04-01. Critical: 5, High: 15.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2015-7501 | Critical | 9.8 | 2017-11-09 | Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x… |
CVE-2016-2074 | Critical | 9.8 | 2016-07-03 | Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary… |
CVE-2016-0791 | Critical | 9.8 | 2016-04-07 | Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a… |
CVE-2016-0788 | Critical | 9.8 | 2016-04-07 | The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener. |
CVE-2015-5254 | Critical | 9.8 | 2016-01-08 | Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code v… |
CVE-2016-5766 | High | 8.8 | 2016-08-07 | Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6… |
CVE-2016-3738 | High | 8.8 | 2016-06-08 | Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain… |
CVE-2016-2160 | High | 8.8 | 2016-06-08 | Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password i… |
CVE-2016-0792 | High | 8.8 | 2016-04-07 | Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized dat… |
CVE-2015-7538 | High | 8.8 | 2016-02-03 | Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors. |
CVE-2015-7537 | High | 8.8 | 2016-02-03 | Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administ… |
CVE-2026-35091 | High | 8.2 | 2026-04-01 | A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity c… |
CVE-2026-35092 | High | 7.5 | 2026-04-01 | A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send… |
CVE-2023-44487 | High | 7.5 | 2023-10-10 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the w… |
CVE-2016-5409 | High | 7.5 | 2017-04-20 | Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to o… |
CVE-2016-5418 | High | 7.5 | 2016-09-21 | The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to a… |
CVE-2015-7539 | High | 7.5 | 2016-02-03 | The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it ea… |
CVE-2016-3726 | High | 7.4 | 2016-05-17 | Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct… |
CVE-2016-3708 | High | 7.1 | 2016-06-08 | Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespa… |
CVE-2017-1000376 | High | 7.0 | 2017-06-19 | libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is use… |