Vulnerabilities > Redhat > Openshift Container Platform > High

DATE CVE VULNERABILITY TITLE RISK
2022-09-13 CVE-2022-2990 An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.
local
low complexity
buildah-project redhat
7.1
2022-08-31 CVE-2022-2132 A permissive list of allowed inputs flaw was found in DPDK.
network
low complexity
dpdk fedoraproject debian redhat
8.6
2022-07-06 CVE-2021-3697 Out-of-bounds Write vulnerability in multiple products
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap.
local
high complexity
gnu redhat CWE-787
7.0
2022-06-07 CVE-2022-1708 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API.
network
low complexity
kubernetes fedoraproject redhat CWE-770
7.5
2022-04-29 CVE-2022-1227 Improper Privilege Management vulnerability in multiple products
A privilege escalation flaw was found in Podman.
8.8
2022-04-04 CVE-2022-27649 Incorrect Default Permissions vulnerability in multiple products
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions.
network
high complexity
podman-project redhat fedoraproject CWE-276
7.5
2022-04-04 CVE-2022-27650 Incorrect Default Permissions vulnerability in multiple products
A flaw was found in crun where containers were incorrectly started with non-empty default permissions.
network
high complexity
crun-project fedoraproject redhat CWE-276
7.5
2022-03-03 CVE-2021-3609 .A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges.
local
high complexity
linux redhat netapp
7.0
2022-03-02 CVE-2022-0711 Infinite Loop vulnerability in multiple products
A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header.
network
low complexity
haproxy redhat debian CWE-835
7.5
2022-02-16 CVE-2021-3560 Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user.
7.8