Vulnerabilities > Redhat > Openshift Container Platform > High

DATE CVE VULNERABILITY TITLE RISK
2019-08-13 CVE-2019-9514 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service.
7.5
2019-07-31 CVE-2019-10356 A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts.
network
low complexity
jenkins redhat
8.8
2019-07-31 CVE-2019-10355 Incorrect Type Conversion or Cast vulnerability in multiple products
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts.
network
low complexity
jenkins redhat CWE-704
8.8
2019-04-23 CVE-2019-2698 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D).
network
high complexity
oracle redhat debian opensuse canonical hp
8.1
2019-04-23 CVE-2019-2602 Resource Exhaustion vulnerability in multiple products
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries).
7.5
2019-04-10 CVE-2019-1003049 Insufficient Session Expiration vulnerability in multiple products
Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches.
network
high complexity
jenkins redhat oracle CWE-613
8.1
2019-04-08 CVE-2019-0211 Use After Free vulnerability in multiple products
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard.
7.8
2019-03-21 CVE-2019-7221 Use After Free vulnerability in multiple products
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
7.8
2019-03-21 CVE-2018-20615 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash.
network
low complexity
haproxy opensuse canonical redhat CWE-125
7.5
2019-03-21 CVE-2018-12023 Deserialization of Untrusted Data vulnerability in multiple products
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6.
7.5