Vulnerabilities > Redhat > Openshift Container Platform > 3.10
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-01 | CVE-2019-3876 | Unspecified vulnerability in Redhat Openshift Container Platform A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. | 6.3 |
| 2019-04-01 | CVE-2019-1002101 | Link Following vulnerability in multiple products The kubectl cp command allows copying files between containers and the user machine. | 5.5 |
| 2019-04-01 | CVE-2019-1002100 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. | 6.5 |
| 2019-01-09 | CVE-2019-0542 | Code Injection vulnerability in multiple products A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js. | 8.8 |
| 2019-01-02 | CVE-2018-14718 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. | 9.8 |
| 2018-12-05 | CVE-2018-1002105 | 7PK - Errors vulnerability in multiple products In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection. | 9.8 |
| 2018-09-06 | CVE-2018-14632 | Out-of-bounds Write vulnerability in multiple products An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. | 7.7 |