Vulnerabilities > Redhat > Openshift Container Platform > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-09-21 | CVE-2018-14645 | Out-of-bounds Read vulnerability in multiple products A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. | 7.5 |
2018-09-06 | CVE-2018-14632 | Out-of-bounds Write vulnerability in multiple products An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. | 7.7 |
2018-09-05 | CVE-2018-16540 | Use After Free vulnerability in multiple products In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact. | 7.8 |
2018-08-21 | CVE-2018-12115 | Out-of-bounds Write vulnerability in multiple products In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. | 7.5 |
2018-07-02 | CVE-2018-10843 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openshift Container Platform source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. | 8.8 |
2018-06-12 | CVE-2018-1070 | Improper Input Validation vulnerability in Redhat Openshift Container Platform routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. | 7.5 |
2018-01-22 | CVE-2018-5968 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. | 8.1 |