VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
>
Redhat
> Openshift Container Platform
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2019-01-28
CVE-2019-3815
A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux.
local
low complexity
redhat
debian
3.3
3.3
2019-01-22
CVE-2019-1003004
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indefinitely even though the user account may have been deleted in the mean time.
network
low complexity
jenkins
redhat
7.2
7.2
2019-01-22
CVE-2019-1003003
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing e.g.
network
low complexity
jenkins
redhat
7.2
7.2
2019-01-22
CVE-2019-1003002
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
network
low complexity
jenkins
redhat
8.8
8.8
2019-01-22
CVE-2019-1003001
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
network
low complexity
jenkins
redhat
8.8
8.8
2019-01-22
CVE-2019-1003000
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.
network
low complexity
jenkins
redhat
8.8
8.8
2019-01-09
CVE-2019-0542
Code Injection vulnerability in multiple products
A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js.
network
low complexity
xtermjs
redhat
CWE-94
8.8
8.8
2019-01-02
CVE-2018-19362
Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
network
low complexity
fasterxml
debian
oracle
redhat
CWE-502
critical
9.8
9.8
2019-01-02
CVE-2018-19361
Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
network
low complexity
fasterxml
debian
oracle
redhat
CWE-502
critical
9.8
9.8
2019-01-02
CVE-2018-19360
Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
network
low complexity
fasterxml
debian
oracle
redhat
CWE-502
critical
9.8
9.8
«
Previous
1
2
...
17
18
19
(current)
20
21
...
23
24
»
Next