Openshift Container Platform

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-24	CVE-2020-1741	Unspecified vulnerability in Redhat Openshift Container Platform 3.11 A flaw was found in openshift-ansible. network high complexity redhat	5.9
2020-04-23	CVE-2020-1760	Cross-site Scripting vulnerability in multiple products A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. network low complexity linuxfoundation redhat fedoraproject canonical debian CWE-79	6.1
2020-04-22	CVE-2020-10712	Unspecified vulnerability in Redhat Openshift Container Platform A flaw was found in OpenShift Container Platform version 4.1 and later. network low complexity redhat	8.2
2020-04-02	CVE-2020-11100	Out-of-bounds Write vulnerability in multiple products In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution. network low complexity haproxy debian redhat fedoraproject canonical opensuse CWE-787	8.8
2020-03-31	CVE-2020-10696	Path Traversal vulnerability in multiple products A path traversal flaw was found in Buildah in versions before 1.14.5. network low complexity buildah-project redhat CWE-22	8.8
2020-03-31	CVE-2020-1712	Use After Free vulnerability in multiple products A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. local low complexity systemd-project redhat debian CWE-416	7.8
2020-03-09	CVE-2020-1706	Unspecified vulnerability in Redhat Openshift Container Platform It has been found that in openshift-enterprise version 3.11 and openshift-enterprise versions 4.1 up to, including 4.3, multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. local high complexity redhat	7.0
2020-03-02	CVE-2019-14892	Deserialization of Untrusted Data vulnerability in multiple products A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. network low complexity fasterxml redhat apache CWE-502 critical	9.8
2020-02-12	CVE-2020-8945	Use After Free vulnerability in multiple products The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. network high complexity gpgme-project redhat fedoraproject CWE-416	7.5
2020-02-12	CVE-2019-19921	Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. local high complexity linuxfoundation debian opensuse canonical redhat CWE-706	7.0