Vulnerabilities > Redhat > Openshift Container Platform > 4.6

DATE	CVE	VULNERABILITY TITLE	RISK
2021-05-14	CVE-2020-27833	Link Following vulnerability in Redhat Openshift Container Platform A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. network high complexity redhat CWE-59	7.1
2021-03-16	CVE-2021-3344	Insufficiently Protected Credentials vulnerability in Redhat Openshift Builder and Openshift Container Platform A privilege escalation flaw was found in OpenShift builder. network low complexity redhat CWE-522	8.8
2021-03-04	CVE-2020-25639	A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. local low complexity linux fedoraproject redhat	4.4
2021-02-23	CVE-2021-20194	There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). local low complexity linux redhat	7.8
2021-02-23	CVE-2021-20182	Unspecified vulnerability in Redhat Openshift Container Platform A privilege escalation flaw was found in openshift4/ose-docker-builder. network low complexity redhat	8.8
2020-12-15	CVE-2020-27777	A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. local low complexity linux redhat	6.7
2020-12-11	CVE-2020-27786	A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. local low complexity linux redhat netapp	7.8
2020-09-23	CVE-2020-14370	Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. network high complexity podman-project redhat fedoraproject CWE-212	5.3
2019-01-02	CVE-2018-14719	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. network low complexity fasterxml debian oracle redhat netapp CWE-502 critical	9.8
2019-01-02	CVE-2018-14718	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. network low complexity fasterxml debian oracle netapp redhat CWE-502 critical	9.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.