Vulnerabilities > Redhat > Openshift Container Platform
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-09-21 | CVE-2018-14645 | Out-of-bounds Read vulnerability in multiple products A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. | 7.5 |
2018-09-19 | CVE-2018-3830 | Cross-site Scripting vulnerability in multiple products Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 6.1 |
2018-09-11 | CVE-2018-10937 | Cross-site Scripting vulnerability in Redhat Openshift Container Platform 3.11 A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. | 5.4 |
2018-09-06 | CVE-2018-14632 | Out-of-bounds Write vulnerability in multiple products An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. | 7.7 |
2018-09-05 | CVE-2018-16540 | Use After Free vulnerability in multiple products In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact. | 7.8 |
2018-09-05 | CVE-2016-1000232 | Improper Input Validation vulnerability in multiple products NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. | 5.3 |
2018-08-21 | CVE-2018-12115 | Out-of-bounds Write vulnerability in multiple products In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. | 7.5 |
2018-08-13 | CVE-2017-15138 | Information Exposure vulnerability in Redhat Openshift Container Platform 3.9 The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens. | 5.0 |
2018-08-01 | CVE-2016-8651 | Unspecified vulnerability in Redhat Openshift and Openshift Container Platform An input validation flaw was found in the way OpenShift 3 handles requests for images. low complexity redhat | 3.5 |
2018-07-27 | CVE-2017-12195 | Unspecified vulnerability in Redhat Openshift Container Platform A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin. | 4.8 |