Vulnerabilities > Redhat > Openshift Container Platform
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-13 | CVE-2020-14298 | Improper Check for Dropped Privileges vulnerability in multiple products The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. | 8.8 |
2020-06-12 | CVE-2020-10752 | Insufficiently Protected Credentials vulnerability in Redhat Openshift Container Platform 3.11/4.0 A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. | 7.5 |
2020-06-03 | CVE-2020-7013 | Code Injection vulnerability in multiple products Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. | 7.2 |
2020-06-03 | CVE-2020-10749 | A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. | 6.0 |
2020-05-12 | CVE-2020-10706 | Unspecified vulnerability in Redhat Openshift Container Platform A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. low complexity redhat | 6.6 |
2020-04-24 | CVE-2020-1741 | Unspecified vulnerability in Redhat Openshift Container Platform 3.11 A flaw was found in openshift-ansible. | 5.9 |
2020-04-23 | CVE-2020-1760 | Cross-site Scripting vulnerability in multiple products A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. | 6.1 |
2020-04-22 | CVE-2020-10712 | Unspecified vulnerability in Redhat Openshift Container Platform A flaw was found in OpenShift Container Platform version 4.1 and later. | 8.2 |
2020-04-02 | CVE-2020-11100 | Out-of-bounds Write vulnerability in multiple products In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution. | 8.8 |
2020-03-31 | CVE-2020-10696 | Path Traversal vulnerability in multiple products A path traversal flaw was found in Buildah in versions before 1.14.5. | 8.8 |