Vulnerabilities > Redhat > Openshift Container Platform > 3.11.43
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-14 | CVE-2020-27833 | Link Following vulnerability in Redhat Openshift Container Platform A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. | 7.1 |
| 2020-04-22 | CVE-2020-10712 | Unspecified vulnerability in Redhat Openshift Container Platform A flaw was found in OpenShift Container Platform version 4.1 and later. | 8.2 |
| 2019-07-30 | CVE-2019-10165 | Information Exposure Through Log Files vulnerability in Redhat Openshift Container Platform OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. | 2.3 |
| 2019-06-12 | CVE-2019-10150 | Unspecified vulnerability in Redhat Openshift Container Platform It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. | 5.9 |
| 2019-01-09 | CVE-2019-0542 | Code Injection vulnerability in multiple products A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js. | 8.8 |
| 2019-01-02 | CVE-2018-14719 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. | 9.8 |
| 2019-01-02 | CVE-2018-14718 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. | 9.8 |