VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
>
Redhat
>
Openshift Container Platform
> High
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2019-01-22
CVE-2019-1003004
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indefinitely even though the user account may have been deleted in the mean time.
network
low complexity
jenkins
redhat
7.2
7.2
2019-01-22
CVE-2019-1003003
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing e.g.
network
low complexity
jenkins
redhat
7.2
7.2
2019-01-22
CVE-2019-1003002
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
network
low complexity
jenkins
redhat
8.8
8.8
2019-01-22
CVE-2019-1003001
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
network
low complexity
jenkins
redhat
8.8
8.8
2019-01-22
CVE-2019-1003000
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.
network
low complexity
jenkins
redhat
8.8
8.8
2019-01-09
CVE-2019-0542
Code Injection vulnerability in multiple products
A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js.
network
low complexity
xtermjs
redhat
CWE-94
8.8
8.8
2018-12-20
CVE-2018-17246
Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products
Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin.
network
low complexity
elastic
redhat
CWE-829
7.5
7.5
2018-12-12
CVE-2018-20103
Infinite Loop vulnerability in multiple products
An issue was discovered in dns.c in HAProxy through 1.8.14.
network
low complexity
haproxy
canonical
redhat
CWE-835
7.5
7.5
2018-12-12
CVE-2018-20102
Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14.
network
low complexity
haproxy
canonical
redhat
CWE-125
7.5
7.5
2018-11-23
CVE-2018-19477
Incorrect Type Conversion or Cast vulnerability in multiple products
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.
local
low complexity
artifex
debian
canonical
redhat
CWE-704
7.8
7.8
«
Previous
1
2
...
5
6
7
8
(current)
9
»
Next