Vulnerabilities > Redhat > Openshift Container Platform > 4.4

DATE	CVE	VULNERABILITY TITLE	RISK
2021-05-14	CVE-2020-27833	Link Following vulnerability in Redhat Openshift Container Platform A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. network high complexity redhat CWE-59	7.1
2021-03-24	CVE-2019-19354	Unspecified vulnerability in Redhat Openshift Container Platform 4.4 An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop as shipped in Red Hat Openshift 4. local low complexity redhat	7.8
2021-03-04	CVE-2020-25639	A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. local low complexity linux fedoraproject redhat	4.4
2021-02-23	CVE-2021-20194	There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). local low complexity linux redhat	7.8
2021-02-23	CVE-2021-20182	Unspecified vulnerability in Redhat Openshift Container Platform A privilege escalation flaw was found in openshift4/ose-docker-builder. network low complexity redhat	8.8
2020-12-15	CVE-2020-27777	A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. local low complexity linux redhat	6.7
2020-12-11	CVE-2020-27786	A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. local low complexity linux redhat netapp	7.8
2020-02-12	CVE-2020-8945	Use After Free vulnerability in multiple products The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. network high complexity gpgme-project redhat fedoraproject CWE-416	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.