Vulnerabilities > Redhat > Openshift Container Platform > 4.5

DATE	CVE	VULNERABILITY TITLE	RISK
2021-05-14	CVE-2020-27833	Link Following vulnerability in Redhat Openshift Container Platform A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. network high complexity redhat CWE-59	7.1
2021-03-16	CVE-2021-3344	Insufficiently Protected Credentials vulnerability in Redhat Openshift Builder and Openshift Container Platform A privilege escalation flaw was found in OpenShift builder. network low complexity redhat CWE-522	6.5
2021-03-04	CVE-2020-25639	NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. local low complexity linux fedoraproject redhat CWE-476	4.4
2021-02-23	CVE-2021-20194	Improper Input Validation vulnerability in multiple products There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). local low complexity linux redhat CWE-20	7.8
2021-02-23	CVE-2021-20182	Files or Directories Accessible to External Parties vulnerability in Redhat Openshift Container Platform A privilege escalation flaw was found in openshift4/ose-docker-builder. network low complexity redhat CWE-552	6.5
2020-12-15	CVE-2020-27777	Missing Authorization vulnerability in multiple products A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. local low complexity linux redhat CWE-862	6.7
2020-12-11	CVE-2020-27786	Use After Free vulnerability in multiple products A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. local low complexity linux redhat netapp CWE-416	7.8
2020-02-12	CVE-2020-8945	Use After Free vulnerability in multiple products The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. network high complexity gpgme-project redhat fedoraproject CWE-416	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.