Openshift Container Platform

DATE	CVE	VULNERABILITY TITLE	RISK
2019-09-04	CVE-2019-15718	In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. local low complexity systemd-project fedoraproject redhat	4.4
2019-09-03	CVE-2019-14817	Incorrect Authorization vulnerability in multiple products A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. local low complexity artifex redhat opensuse fedoraproject debian CWE-863	7.8
2019-09-03	CVE-2019-14811	Incorrect Authorization vulnerability in multiple products A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. local low complexity artifex redhat fedoraproject opensuse debian CWE-863	7.8
2019-08-29	CVE-2019-11250	Information Exposure Through Log Files vulnerability in multiple products The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. network low complexity kubernetes redhat CWE-532	6.5
2019-08-29	CVE-2019-11249	Path Traversal vulnerability in multiple products The kubectl cp command allows copying files between containers and the user machine. network low complexity kubernetes redhat CWE-22	6.5
2019-08-29	CVE-2019-11247	Incorrect Authorization vulnerability in multiple products The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. network low complexity kubernetes redhat CWE-863	8.1
2019-08-28	CVE-2019-10384	Cross-Site Request Forgery (CSRF) vulnerability in multiple products Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user. network low complexity jenkins oracle redhat CWE-352	8.8
2019-08-28	CVE-2019-10383	Cross-site Scripting vulnerability in multiple products A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages. network low complexity jenkins oracle redhat CWE-79	4.8
2019-08-13	CVE-2019-9515	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. network low complexity apple apache canonical debian synology fedoraproject opensuse redhat oracle mcafee f5 nodejs CWE-770	7.5
2019-08-13	CVE-2019-9514	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. network low complexity apple apache debian canonical synology fedoraproject opensuse redhat oracle mcafee netapp f5 nodejs CWE-770	7.5