Vulnerabilities > Redhat > Openshift Container Platform
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-28 | CVE-2019-1003040 | Unsafe Reflection vulnerability in multiple products. A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. | network; low complexity; jenkins, redhat; CWE-470; critical; 9.8, 9.8 |
| 2019-03-26 | CVE-2019-3826 | A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. | network; low complexity; prometheus, redhat; 6.1, 6.1 |
| 2019-03-25 | CVE-2019-7609 | Code Injection vulnerability in multiple products. Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. | network; low complexity; elastic, redhat; CWE-94; critical; 10.0, 10 |
| 2019-03-21 | CVE-2019-7221 | Use After Free vulnerability in multiple products. The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. | local; low complexity; linux, opensuse, fedoraproject, debian, canonical, netapp, redhat; CWE-416; 7.8, 7.8 |
| 2019-03-21 | CVE-2018-20615 | Out-of-bounds Read vulnerability in multiple products. An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. | network; low complexity; haproxy, opensuse, canonical, redhat; CWE-125; 7.5, 7.5 |
| 2019-03-21 | CVE-2018-12023 | Deserialization of Untrusted Data vulnerability in multiple products. An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. | network; high complexity; fasterxml, debian, fedoraproject, oracle, redhat; CWE-502; 7.5, 7.5 |
| 2019-03-21 | CVE-2018-12022 | Deserialization of Untrusted Data vulnerability in multiple products. An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. | network; high complexity; fasterxml, debian, fedoraproject, oracle, redhat; CWE-502; 7.5, 7.5 |
| 2019-03-08 | CVE-2019-9636 | Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. | network; low complexity; python, fedoraproject, opensuse, debian, canonical, redhat, oracle; critical; 9.8, 9.8 |
| 2019-03-08 | CVE-2019-1003034 | A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groovy, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/SandboxDslScriptLoader.groovy that allows attackers with control over Job DSL definitions to execute arbitrary code on the Jenkins master JVM. | network; low complexity; jenkins, redhat; critical; 9.9, 9.9 |
| 2019-03-08 | CVE-2019-1003031 | A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM. | network; low complexity; jenkins, redhat; critical; 9.9, 9.9 |