Vulnerabilities > Redhat > Openshift Container Platform > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-05-14 | CVE-2020-27833 | Link Following vulnerability in Redhat Openshift Container Platform | A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. | 7.1 |
2021-03-24 | CVE-2019-19354 | Incorrect Privilege Assignment vulnerability in Redhat Openshift Container Platform 4.4 | An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop as shipped in Red Hat Openshift 4. | 7.8 |
2021-03-24 | CVE-2019-19352 | Incorrect Privilege Assignment vulnerability in Redhat Openshift Container Platform 4.0 | An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. | 7.0 |
2021-03-18 | CVE-2020-27827 | Resource Exhaustion vulnerability in multiple products | A flaw was found in multiple versions of OpenvSwitch. | 7.5 |
2021-02-23 | CVE-2021-20194 | Improper Input Validation vulnerability in multiple products | There is a vulnerability in the Linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y, CONFIG_BPF=y, CONFIG_CGROUPS=y, CONFIG_CGROUP_BPF=y, CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). | 7.8 |
2020-12-18 | CVE-2020-27781 | Insufficiently Protected Credentials vulnerability in multiple products | User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. | 7.1 |
2020-12-11 | CVE-2020-27786 | Use After Free vulnerability in multiple products | A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to MIDI devices could trigger a use-after-free issue. | 7.8 |
2020-11-23 | CVE-2020-25660 | Authentication Bypass by Capture-replay vulnerability in multiple products | A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. | 8.8 |
2020-07-13 | CVE-2020-14298 | Improper Check for Dropped Privileges vulnerability in multiple products | The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. | 8.8 |
2020-04-22 | CVE-2020-10712 | Information Exposure Through Log Files vulnerability in Redhat Openshift Container Platform | A flaw was found in OpenShift Container Platform version 4.1 and later. | 8.2 |