Vulnerabilities > Redhat > Openshift Container Platform > 4.0

DATE	CVE	VULNERABILITY TITLE	RISK
2023-10-05	CVE-2022-4145	Injection vulnerability in Redhat Openshift Container Platform 4.0 A content spoofing flaw was found in OpenShift's OAuth endpoint. network low complexity redhat CWE-74	5.3
2023-10-04	CVE-2023-3153	Allocation of Resources Without Limits or Throttling vulnerability in multiple products A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. network low complexity ovn redhat CWE-770	5.3
2023-06-06	CVE-2023-2253	Allocation of Resources Without Limits or Throttling vulnerability in Redhat products A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). network low complexity redhat CWE-770	6.5
2023-04-10	CVE-2023-1668	Always-Incorrect Control Flow Implementation vulnerability in multiple products A flaw was found in openvswitch (OVS). network low complexity cloudbase debian redhat CWE-670	8.2
2023-03-03	CVE-2023-27561	Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. local high complexity linuxfoundation redhat debian CWE-706	7.0
2022-12-28	CVE-2021-4294	Information Exposure Through Discrepancy vulnerability in Redhat Openshift Container Platform and Openshift Osin A vulnerability was found in OpenShift OSIN. network high complexity redhat CWE-203	5.9
2022-09-13	CVE-2022-2989	An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. local low complexity podman-project redhat	7.1
2022-09-13	CVE-2022-2990	An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. local low complexity buildah-project redhat	7.1
2022-09-01	CVE-2022-1632	An Improper Certificate Validation attack was found in Openshift. network low complexity redhat fedoraproject	6.5
2022-08-31	CVE-2022-2132	A permissive list of allowed inputs flaw was found in DPDK. network low complexity dpdk fedoraproject debian redhat	8.6

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.