Vulnerabilities > Redhat > Openshift Container Platform > High

DATE CVE VULNERABILITY TITLE RISK
2019-10-17 CVE-2019-14287 Improper Handling of Exceptional Conditions vulnerability in multiple products
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID.
8.8
2019-10-17 CVE-2019-11253 XML Entity Expansion vulnerability in multiple products
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable.
network
low complexity
kubernetes redhat CWE-776
7.5
2019-09-30 CVE-2019-16276 HTTP Request Smuggling vulnerability in multiple products
Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.
7.5
2019-09-25 CVE-2019-16884 Incorrect Authorization vulnerability in multiple products
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.
7.5
2019-09-17 CVE-2019-14835 A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. 7.8
2019-09-03 CVE-2019-14817 Incorrect Authorization vulnerability in multiple products
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions.
7.8
2019-09-03 CVE-2019-14811 Incorrect Authorization vulnerability in multiple products
A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions.
7.8
2019-08-29 CVE-2019-11247 Incorrect Authorization vulnerability in multiple products
The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced.
network
low complexity
kubernetes redhat CWE-863
8.1
2019-08-28 CVE-2019-10384 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user.
network
low complexity
jenkins oracle redhat CWE-352
8.8
2019-08-13 CVE-2019-9515 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service.
7.5