Vulnerabilities > Redhat > Openshift Container Platform
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-31 | CVE-2019-10355 | Incorrect Type Conversion or Cast vulnerability in multiple products A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts. | 8.8 |
| 2019-07-30 | CVE-2019-10165 | Information Exposure Through Log Files vulnerability in Redhat Openshift Container Platform OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. | 2.3 |
| 2019-07-29 | CVE-2019-14379 | SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. | 9.8 |
| 2019-07-19 | CVE-2019-1010238 | Out-of-bounds Write vulnerability in multiple products Gnome Pango 1.42 and later is affected by: Buffer Overflow. | 9.8 |
| 2019-07-17 | CVE-2019-10354 | Missing Authorization vulnerability in multiple products A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information. | 4.3 |
| 2019-07-11 | CVE-2019-3889 | Unspecified vulnerability in Redhat Openshift Container Platform A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11. | 5.4 |
| 2019-07-09 | CVE-2018-11307 | Deserialization of Untrusted Data vulnerability in multiple products An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. | 9.8 |
| 2019-06-12 | CVE-2019-10150 | Unspecified vulnerability in Redhat Openshift Container Platform It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. | 5.9 |
| 2019-04-23 | CVE-2019-2698 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). | 8.1 |
| 2019-04-23 | CVE-2019-2684 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). | 5.9 |