Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat openshift 1.0 vulnerabilities and exploits
(subscribe to this query)
570
VMScore
CVE-2012-6135
RubyGems passenger 4.0.0 betas 1 and 2 allows remote malicious users to delete arbitrary files during the startup process.
Phusion Passenger 4.0.0
Redhat Openshift 1.0
446
VMScore
CVE-2020-10758
A vulnerability was found in Keycloak prior to 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body.
Redhat Keycloak
Redhat Openshift Application Runtimes -
Redhat Openshift Application Runtimes 1.0
Redhat Single Sign-on -
Redhat Single Sign-on 7.0
Redhat Single Sign-on 7.4
668
VMScore
CVE-2014-0175
mcollective has a default password set at install
Puppet Marionette Collective -
Redhat Openshift 2.1
Redhat Openshift 1.0
Debian Debian Linux 8.0
Debian Debian Linux 10.0
668
VMScore
CVE-2020-1762
An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT cookie and using that to spoof a user session, possibly gaining privileges to vi...
Kiali Kiali
Redhat Openshift Service Mesh 1.0
668
VMScore
CVE-2020-1764
A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions before 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges t...
Kiali Kiali
Redhat Openshift Service Mesh 1.0
1 Github repository
356
VMScore
CVE-2019-25014
A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot prior to 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is possible to cause the Go runtime to panic (resulting in a denial of service to t...
Istio Istio
Redhat Openshift Service Mesh 1.0
448
VMScore
CVE-2019-11253
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crash...
Kubernetes Kubernetes
Redhat Openshift Container Platform 3.9
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 3.10
1 Article
NA
CVE-2021-3914
It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks.
Redhat Openshift Application Runtimes 1.0
Redhat Build Of Quarkus -
Redhat Build Of Quarkus
Redhat Smallrye Health -
383
VMScore
CVE-2020-10688
A cross-site scripting (XSS) flaw was found in RESTEasy in versions prior to 3.11.1.Final and prior to 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.
Redhat Jboss Enterprise Application Platform -
Redhat Openshift Application Runtimes -
Redhat Resteasy
Redhat Fuse 1.0
Redhat Jboss Enterprise Application Platform 7.3
Redhat Jboss Enterprise Application Platform 7.4
445
VMScore
CVE-2020-8659
CNCF Envoy up to and including 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks.
Cncf Envoy
Redhat Openshift Service Mesh 1.0
Debian Debian Linux 9.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »