Vulnerabilities > Redhat > Openshift Container Platform > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-09-22 CVE-2022-4039 Incorrect Default Permissions vulnerability in Redhat products
A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled.
network
low complexity
redhat CWE-276
critical
9.8
2022-08-22 CVE-2020-27836 Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openshift Container Platform 4.6
A flaw was found in cluster-ingress-operator.
network
low complexity
redhat CWE-732
critical
9.8
2020-12-21 CVE-2020-27846 A signature verification vulnerability exists in crewjam/saml.
network
low complexity
grafana saml-project redhat fedoraproject
critical
9.8
2020-03-02 CVE-2019-14892 Deserialization of Untrusted Data vulnerability in multiple products
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes.
network
low complexity
fasterxml redhat apache CWE-502
critical
9.8
2019-09-06 CVE-2019-14813 Incorrect Authorization vulnerability in multiple products
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions.
network
low complexity
artifex redhat fedoraproject opensuse debian CWE-863
critical
9.8
2019-07-29 CVE-2019-14379 SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
network
low complexity
fasterxml debian netapp fedoraproject redhat oracle apple
critical
9.8
2019-07-19 CVE-2019-1010238 Out-of-bounds Write vulnerability in multiple products
Gnome Pango 1.42 and later is affected by: Buffer Overflow.
network
low complexity
gnome oracle fedoraproject debian canonical redhat CWE-787
critical
9.8
2019-07-09 CVE-2018-11307 Deserialization of Untrusted Data vulnerability in multiple products
An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5.
network
low complexity
fasterxml redhat oracle CWE-502
critical
9.8
2019-04-22 CVE-2019-3899 It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse.
network
low complexity
redhat heketi-project
critical
9.8
2019-03-28 CVE-2019-1003040 Unsafe Reflection vulnerability in multiple products
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.
network
low complexity
jenkins redhat CWE-470
critical
9.8