Vulnerabilities > Redhat > Openshift Container Platform

DATE CVE VULNERABILITY TITLE RISK
2022-07-06 CVE-2021-3696 Out-of-bounds Write vulnerability in multiple products
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader.
local
high complexity
gnu redhat netapp CWE-787
4.5
2022-07-06 CVE-2021-3697 Out-of-bounds Write vulnerability in multiple products
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap.
local
high complexity
gnu redhat CWE-787
7.0
2022-06-07 CVE-2022-1708 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API.
network
low complexity
kubernetes fedoraproject redhat CWE-770
7.5
2022-05-17 CVE-2022-1706 Incorrect Authorization vulnerability in multiple products
A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products.
network
low complexity
redhat fedoraproject CWE-863
6.5
2022-04-29 CVE-2022-1227 Improper Privilege Management vulnerability in multiple products
A privilege escalation flaw was found in Podman.
8.8
2022-04-18 CVE-2022-27652 Incorrect Default Permissions vulnerability in multiple products
A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions.
5.3
2022-04-04 CVE-2022-27649 Incorrect Default Permissions vulnerability in multiple products
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions.
network
high complexity
podman-project redhat fedoraproject CWE-276
7.5
2022-04-04 CVE-2022-27650 Incorrect Default Permissions vulnerability in multiple products
A flaw was found in crun where containers were incorrectly started with non-empty default permissions.
network
high complexity
crun-project fedoraproject redhat CWE-276
7.5
2022-04-01 CVE-2021-20238 Missing Authentication for Critical Function vulnerability in Redhat products
It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication.
network
high complexity
redhat CWE-306
3.7
2022-03-03 CVE-2021-3609 .A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges.
local
high complexity
linux redhat netapp
7.0