Vulnerabilities > Redhat > Openshift Container Platform

DATE CVE VULNERABILITY TITLE RISK
2021-03-24 CVE-2019-19353 Unspecified vulnerability in Redhat Openshift Container Platform 4.0
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat Openshift 4.
local
high complexity
redhat
7.0
2021-03-24 CVE-2019-19352 Unspecified vulnerability in Redhat Openshift Container Platform 4.0
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4.
local
high complexity
redhat
7.0
2021-03-23 CVE-2021-20270 Infinite Loop vulnerability in multiple products
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
network
low complexity
pygments redhat fedoraproject debian CWE-835
7.5
2021-03-19 CVE-2019-10225 Unspecified vulnerability in Redhat Openshift and Openshift Container Platform
A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey.
network
low complexity
redhat
6.3
2021-03-19 CVE-2019-10200 Unspecified vulnerability in Redhat Openshift Container Platform 4.0
A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes.
network
low complexity
redhat
7.2
2021-03-18 CVE-2020-27827 A flaw was found in multiple versions of OpenvSwitch. 7.5
2021-03-16 CVE-2021-3344 Insufficiently Protected Credentials vulnerability in Redhat Openshift Builder and Openshift Container Platform
A privilege escalation flaw was found in OpenShift builder.
network
low complexity
redhat CWE-522
8.8
2021-03-16 CVE-2021-20218 Unspecified vulnerability in Redhat products
A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after.
network
high complexity
redhat
7.4
2021-03-04 CVE-2020-25639 A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC.
local
low complexity
linux fedoraproject redhat
4.4
2021-02-23 CVE-2021-20194 There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered).
local
low complexity
linux redhat
7.8