Vulnerabilities > Redhat > Openshift Container Platform
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-06 | CVE-2021-3696 | Out-of-bounds Write vulnerability in multiple products A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. | 4.5 |
2022-07-06 | CVE-2021-3697 | Out-of-bounds Write vulnerability in multiple products A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. | 7.0 |
2022-06-07 | CVE-2022-1708 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. | 7.5 |
2022-05-17 | CVE-2022-1706 | Incorrect Authorization vulnerability in multiple products A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. | 6.5 |
2022-04-29 | CVE-2022-1227 | Improper Privilege Management vulnerability in multiple products A privilege escalation flaw was found in Podman. | 8.8 |
2022-04-18 | CVE-2022-27652 | Incorrect Default Permissions vulnerability in multiple products A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. | 5.3 |
2022-04-04 | CVE-2022-27649 | Incorrect Default Permissions vulnerability in multiple products A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. | 7.5 |
2022-04-04 | CVE-2022-27650 | Incorrect Default Permissions vulnerability in multiple products A flaw was found in crun where containers were incorrectly started with non-empty default permissions. | 7.5 |
2022-04-01 | CVE-2021-20238 | Missing Authentication for Critical Function vulnerability in Redhat products It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. | 3.7 |
2022-03-03 | CVE-2021-3609 | .A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. | 7.0 |