Vulnerabilities > Redhat > Openshift Container Platform > High

DATE CVE VULNERABILITY TITLE RISK
2020-04-22 CVE-2020-10712 Unspecified vulnerability in Redhat Openshift Container Platform
A flaw was found in OpenShift Container Platform version 4.1 and later.
network
low complexity
redhat
8.2
2020-04-02 CVE-2020-11100 Out-of-bounds Write vulnerability in multiple products
In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.
8.8
2020-03-31 CVE-2020-10696 Path Traversal vulnerability in multiple products
A path traversal flaw was found in Buildah in versions before 1.14.5.
network
low complexity
buildah-project redhat CWE-22
8.8
2020-03-31 CVE-2020-1712 Use After Free vulnerability in multiple products
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages.
local
low complexity
systemd-project redhat debian CWE-416
7.8
2020-03-09 CVE-2020-1706 Unspecified vulnerability in Redhat Openshift Container Platform
It has been found that in openshift-enterprise version 3.11 and openshift-enterprise versions 4.1 up to, including 4.3, multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root.
local
high complexity
redhat
7.0
2020-02-12 CVE-2020-8945 Use After Free vulnerability in multiple products
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O.
network
high complexity
gpgme-project redhat fedoraproject CWE-416
7.5
2020-02-12 CVE-2019-19921 Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go.
7.0
2020-02-07 CVE-2020-1708 Unspecified vulnerability in Redhat Openshift Container Platform
It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 to, including 4.3, that multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root.
local
high complexity
redhat
7.0
2020-01-07 CVE-2019-14819 Unspecified vulnerability in Redhat Openshift Container Platform 3.10/3.11
A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster.
network
low complexity
redhat
8.8
2019-12-10 CVE-2019-13734 Out-of-bounds Write vulnerability in multiple products
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8