Vulnerabilities > Redhat > Openshift Container Platform
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-24 | CVE-2019-19352 | Incorrect Privilege Assignment vulnerability in Redhat Openshift Container Platform 4.0 An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. | 7.0 |
| 2021-03-23 | CVE-2021-20270 | Infinite Loop vulnerability in multiple products An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword. | 5.0 |
| 2021-03-19 | CVE-2019-10225 | Insufficiently Protected Credentials vulnerability in Redhat Openshift and Openshift Container Platform A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. | 6.5 |
| 2021-03-19 | CVE-2019-10200 | Improper Access Control vulnerability in Redhat Openshift Container Platform 4.0 A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes. | 9.0 |
| 2021-03-18 | CVE-2020-27827 | Resource Exhaustion vulnerability in multiple products A flaw was found in multiple versions of OpenvSwitch. | 7.5 |
| 2021-03-16 | CVE-2021-3344 | Insufficiently Protected Credentials vulnerability in Redhat Openshift Builder and Openshift Container Platform A privilege escalation flaw was found in OpenShift builder. | 6.5 |
| 2021-03-16 | CVE-2021-20218 | Path Traversal vulnerability in Redhat products A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. | 5.8 |
| 2021-03-04 | CVE-2020-25639 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. | 4.4 |
| 2021-02-23 | CVE-2021-20194 | Improper Input Validation vulnerability in multiple products There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). | 7.8 |
| 2021-02-23 | CVE-2021-20182 | Files or Directories Accessible to External Parties vulnerability in Redhat Openshift Container Platform A privilege escalation flaw was found in openshift4/ose-docker-builder. | 6.5 |