Vulnerabilities > Redhat > Openshift Container Platform > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-01-02 CVE-2018-14721 Server-Side Request Forgery (SSRF) vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
network
low complexity
fasterxml debian oracle redhat CWE-918
critical
10.0
2019-01-02 CVE-2018-19360 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
network
low complexity
fasterxml debian oracle redhat CWE-502
critical
9.8
2019-01-02 CVE-2018-19361 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
network
low complexity
fasterxml debian oracle redhat CWE-502
critical
9.8
2019-01-02 CVE-2018-19362 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
network
low complexity
fasterxml debian oracle redhat CWE-502
critical
9.8
2018-12-20 CVE-2018-17246 Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products
Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin.
network
low complexity
elastic redhat CWE-829
critical
9.8
2018-12-10 CVE-2018-1000861 Deserialization of Untrusted Data vulnerability in multiple products
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way.
network
low complexity
jenkins redhat CWE-502
critical
9.8
2018-12-07 CVE-2018-18311 Integer Overflow or Wraparound vulnerability in multiple products
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
network
low complexity
perl canonical debian netapp redhat apple fedoraproject mcafee CWE-190
critical
9.8
2018-12-05 CVE-2018-1002105 7PK - Errors vulnerability in multiple products
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.
network
low complexity
kubernetes redhat netapp CWE-388
critical
9.8
2018-07-19 CVE-2017-7481 Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe.
network
low complexity
redhat canonical debian
critical
9.8
2018-07-05 CVE-2018-12910 Out-of-bounds Read vulnerability in multiple products
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.
network
low complexity
gnome canonical debian redhat opensuse CWE-125
critical
9.8