Vulnerabilities > Redhat > Openshift Container Platform

DATE CVE VULNERABILITY TITLE RISK
2018-09-21 CVE-2018-14645 Out-of-bounds Read vulnerability in multiple products
A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2.
network
low complexity
haproxy canonical redhat CWE-125
7.5
2018-09-19 CVE-2018-3830 Cross-site Scripting vulnerability in multiple products
Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
network
low complexity
elastic redhat CWE-79
6.1
2018-09-11 CVE-2018-10937 Cross-site Scripting vulnerability in Redhat Openshift Container Platform 3.11
A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11.
network
low complexity
redhat CWE-79
5.4
2018-09-06 CVE-2018-14632 Out-of-bounds Write vulnerability in multiple products
An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7.
network
low complexity
redhat starcounter-jack CWE-787
7.7
2018-09-05 CVE-2018-16540 Use After Free vulnerability in multiple products
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.
local
low complexity
artifex redhat debian canonical CWE-416
7.8
2018-09-05 CVE-2016-1000232 Improper Input Validation vulnerability in multiple products
NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service.
network
low complexity
salesforce ibm redhat CWE-20
5.3
2018-08-21 CVE-2018-12115 Out-of-bounds Write vulnerability in multiple products
In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`.
network
low complexity
nodejs redhat CWE-787
7.5
2018-08-13 CVE-2017-15138 Information Exposure vulnerability in Redhat Openshift Container Platform 3.9
The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens.
network
low complexity
redhat CWE-200
5.0
2018-08-01 CVE-2016-8651 Unspecified vulnerability in Redhat Openshift and Openshift Container Platform
An input validation flaw was found in the way OpenShift 3 handles requests for images.
low complexity
redhat
3.5
2018-07-27 CVE-2017-12195 Unspecified vulnerability in Redhat Openshift Container Platform
A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin.
network
high complexity
redhat
4.8