Vulnerabilities > Redhat > Openshift Container Platform

DATE CVE VULNERABILITY TITLE RISK
2021-03-04 CVE-2020-25639 A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC.
local
low complexity
linux fedoraproject redhat
4.4
2021-02-23 CVE-2021-20194 There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered).
local
low complexity
linux redhat
7.8
2021-02-23 CVE-2021-20182 Unspecified vulnerability in Redhat Openshift Container Platform
A privilege escalation flaw was found in openshift4/ose-docker-builder.
network
low complexity
redhat
8.8
2021-02-11 CVE-2021-20188 A flaw was found in podman before 1.7.0.
local
high complexity
podman-project redhat
7.0
2020-12-21 CVE-2020-27846 A signature verification vulnerability exists in crewjam/saml.
network
low complexity
grafana saml-project redhat fedoraproject
critical
9.8
2020-12-18 CVE-2020-27781 Insufficiently Protected Credentials vulnerability in multiple products
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation.
local
low complexity
redhat fedoraproject CWE-522
7.1
2020-12-15 CVE-2020-27777 A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication.
local
low complexity
linux redhat
6.7
2020-12-11 CVE-2020-27786 A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue.
local
low complexity
linux redhat netapp
7.8
2020-12-02 CVE-2020-27816 Open Redirect vulnerability in multiple products
The elasticsearch-operator does not validate the namespace where kibana logging resource is created and due to that it is possible to replace the original openshift-logging console link (kibana console) to different one, created based on the new CR for the new kibana resource.
network
low complexity
elastic redhat CWE-601
6.1
2020-11-24 CVE-2020-10763 Information Exposure Through Log Files vulnerability in multiple products
An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information.
local
low complexity
heketi-project redhat CWE-532
5.5