Openshift Container Platform

DATE	CVE	VULNERABILITY TITLE	RISK
2019-07-29	CVE-2019-14379	SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. network low complexity fasterxml debian netapp fedoraproject redhat oracle apple critical	9.8
2019-07-19	CVE-2019-1010238	Out-of-bounds Write vulnerability in multiple products Gnome Pango 1.42 and later is affected by: Buffer Overflow. network low complexity gnome oracle fedoraproject debian canonical redhat CWE-787 critical	9.8
2019-07-17	CVE-2019-10354	Missing Authorization vulnerability in multiple products A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information. network low complexity jenkins redhat CWE-862	4.3
2019-07-11	CVE-2019-3889	Cross-site Scripting vulnerability in Redhat Openshift Container Platform A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11. network low complexity redhat CWE-79	5.4
2019-07-09	CVE-2018-11307	Deserialization of Untrusted Data vulnerability in multiple products An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. network low complexity fasterxml redhat oracle CWE-502 critical	9.8
2019-06-12	CVE-2019-10150	Improper Authentication vulnerability in Redhat Openshift Container Platform It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. network high complexity redhat CWE-287	5.9
2019-04-23	CVE-2019-2698	Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). network oracle redhat debian opensuse canonical hp	6.8
2019-04-23	CVE-2019-2684	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). network high complexity oracle redhat opensuse debian apache canonical hp	5.9
2019-04-23	CVE-2019-2602	Resource Exhaustion vulnerability in multiple products Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). network low complexity oracle redhat opensuse canonical debian mcafee hp CWE-400	7.5
2019-04-22	CVE-2019-3899	DEPRECATED: Authentication Bypass Issues vulnerability in multiple products It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. network low complexity redhat heketi-project CWE-592 critical	9.8