Vulnerabilities > Redhat > Openshift Container Platform

DATE CVE VULNERABILITY TITLE RISK
2019-01-28 CVE-2019-3815 A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux.
local
low complexity
redhat debian
3.3
2019-01-22 CVE-2019-1003004 An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indefinitely even though the user account may have been deleted in the mean time.
network
low complexity
jenkins redhat
7.2
2019-01-22 CVE-2019-1003003 An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing e.g.
network
low complexity
jenkins redhat
7.2
2019-01-22 CVE-2019-1003002 A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
network
low complexity
jenkins redhat
8.8
2019-01-22 CVE-2019-1003001 A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
network
low complexity
jenkins redhat
8.8
2019-01-22 CVE-2019-1003000 A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.
network
low complexity
jenkins redhat
8.8
2019-01-09 CVE-2019-0542 Code Injection vulnerability in multiple products
A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js.
network
low complexity
xtermjs redhat CWE-94
8.8
2019-01-02 CVE-2018-19362 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
network
low complexity
fasterxml debian oracle redhat CWE-502
critical
9.8
2019-01-02 CVE-2018-19361 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
network
low complexity
fasterxml debian oracle redhat CWE-502
critical
9.8
2019-01-02 CVE-2018-19360 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
network
low complexity
fasterxml debian oracle redhat CWE-502
critical
9.8