Vulnerabilities > Redhat > Openshift Container Platform > High

DATE CVE VULNERABILITY TITLE RISK
2021-12-14 CVE-2021-4104 Deserialization of Untrusted Data vulnerability in multiple products
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration.
network
high complexity
apache fedoraproject redhat oracle CWE-502
7.5
2021-06-02 CVE-2021-3529 Unspecified vulnerability in Redhat Noobaa-Operator and Openshift Container Platform
A flaw was found in noobaa-core in versions before 5.7.0.
network
low complexity
redhat
7.1
2021-05-14 CVE-2020-27833 Link Following vulnerability in Redhat Openshift Container Platform
A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links.
network
high complexity
redhat CWE-59
7.1
2021-03-24 CVE-2019-19354 Unspecified vulnerability in Redhat Openshift Container Platform 4.4
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop as shipped in Red Hat Openshift 4.
local
low complexity
redhat
7.8
2021-03-24 CVE-2019-19353 Unspecified vulnerability in Redhat Openshift Container Platform 4.0
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat Openshift 4.
local
high complexity
redhat
7.0
2021-03-24 CVE-2019-19352 Unspecified vulnerability in Redhat Openshift Container Platform 4.0
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4.
local
high complexity
redhat
7.0
2021-03-23 CVE-2021-20270 Infinite Loop vulnerability in multiple products
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
network
low complexity
pygments redhat fedoraproject debian CWE-835
7.5
2021-03-19 CVE-2019-10200 Unspecified vulnerability in Redhat Openshift Container Platform 4.0
A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes.
network
low complexity
redhat
7.2
2021-03-18 CVE-2020-27827 A flaw was found in multiple versions of OpenvSwitch. 7.5
2021-03-16 CVE-2021-3344 Insufficiently Protected Credentials vulnerability in Redhat Openshift Builder and Openshift Container Platform
A privilege escalation flaw was found in OpenShift builder.
network
low complexity
redhat CWE-522
8.8