Vulnerabilities > Redhat > Openshift Container Platform
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-09 | CVE-2022-0532 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. | 4.9 |
| 2021-12-14 | CVE-2021-4104 | Deserialization of Untrusted Data vulnerability in multiple products JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. | 7.5 |
| 2021-06-02 | CVE-2021-3529 | Cross-site Scripting vulnerability in Redhat Noobaa-Operator and Openshift Container Platform A flaw was found in noobaa-core in versions before 5.7.0. | 6.8 |
| 2021-06-02 | CVE-2020-14336 | Allocation of Resources Without Limits or Throttling vulnerability in Redhat Openshift Container Platform 3.11/4.5.16/4.6 A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. | 6.5 |
| 2021-06-02 | CVE-2020-10743 | Improperly Implemented Security Check for Standard vulnerability in multiple products It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. | 4.3 |
| 2021-05-26 | CVE-2021-20297 | Improper Input Validation vulnerability in multiple products A flaw was found in NetworkManager in versions before 1.30.0. | 2.1 |
| 2021-05-14 | CVE-2020-27833 | Link Following vulnerability in Redhat Openshift Container Platform A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. | 7.1 |
| 2021-04-01 | CVE-2021-20291 | Improper Locking vulnerability in multiple products A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. | 6.5 |
| 2021-03-24 | CVE-2019-19354 | Incorrect Privilege Assignment vulnerability in Redhat Openshift Container Platform 4.4 An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop as shipped in Red Hat Openshift 4. | 7.8 |
| 2021-03-24 | CVE-2019-19353 | Incorrect Privilege Assignment vulnerability in Redhat Openshift Container Platform 4.0 An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat Openshift 4. | 6.9 |