Vulnerabilities > Redhat > Openshift Container Platform > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-08-13 | CVE-2019-9514 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. | 7.5 |
2019-07-31 | CVE-2019-10356 | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts. | 8.8 |
2019-07-31 | CVE-2019-10355 | Incorrect Type Conversion or Cast vulnerability in multiple products A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts. | 8.8 |
2019-04-23 | CVE-2019-2698 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). | 8.1 |
2019-04-23 | CVE-2019-2602 | Resource Exhaustion vulnerability in multiple products Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). | 7.5 |
2019-04-10 | CVE-2019-1003049 | Insufficient Session Expiration vulnerability in multiple products Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches. | 8.1 |
2019-04-08 | CVE-2019-0211 | Use After Free vulnerability in multiple products In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. | 7.8 |
2019-03-21 | CVE-2019-7221 | Use After Free vulnerability in multiple products The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. | 7.8 |
2019-03-21 | CVE-2018-20615 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. | 7.5 |
2019-03-21 | CVE-2018-12023 | Deserialization of Untrusted Data vulnerability in multiple products An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. | 7.5 |