Openshift Container Platform

DATE	CVE	VULNERABILITY TITLE	RISK
2019-04-08	CVE-2019-0211	Use After Free vulnerability in multiple products In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. local low complexity apache fedoraproject canonical debian opensuse netapp redhat oracle CWE-416	7.8
2019-04-01	CVE-2019-3876	Unspecified vulnerability in Redhat Openshift Container Platform A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. network low complexity redhat	6.3
2019-04-01	CVE-2019-1002101	Link Following vulnerability in multiple products The kubectl cp command allows copying files between containers and the user machine. local low complexity kubernetes redhat CWE-59	5.5
2019-04-01	CVE-2019-1002100	Allocation of Resources Without Limits or Throttling vulnerability in multiple products In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. network low complexity kubernetes redhat CWE-770	6.5
2019-03-28	CVE-2019-1003041	Unsafe Reflection vulnerability in multiple products A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. network low complexity jenkins redhat CWE-470 critical	9.8
2019-03-28	CVE-2019-1003040	Unsafe Reflection vulnerability in multiple products A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. network low complexity jenkins redhat CWE-470 critical	9.8
2019-03-26	CVE-2019-3826	A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. network low complexity prometheus redhat	6.1
2019-03-25	CVE-2019-7609	Code Injection vulnerability in multiple products Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. network low complexity elastic redhat CWE-94 critical	10.0
2019-03-21	CVE-2019-7221	Use After Free vulnerability in multiple products The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. local low complexity linux opensuse fedoraproject debian canonical netapp redhat CWE-416	7.8
2019-03-21	CVE-2018-20615	Out-of-bounds Read vulnerability in multiple products An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. network low complexity haproxy opensuse canonical redhat CWE-125	7.5