Vulnerabilities > Redhat > Openshift Container Platform > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-06 | CVE-2021-3695 | Out-of-bounds Write vulnerability in multiple products A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. | 4.5 |
| 2022-07-06 | CVE-2021-3696 | Out-of-bounds Write vulnerability in multiple products A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. | 4.5 |
| 2022-05-17 | CVE-2022-1706 | Incorrect Authorization vulnerability in multiple products A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. | 6.5 |
| 2022-04-18 | CVE-2022-27652 | Incorrect Default Permissions vulnerability in multiple products A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. | 4.6 |
| 2022-03-02 | CVE-2021-3631 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. | 6.3 |
| 2022-02-09 | CVE-2022-0532 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. | 4.9 |
| 2021-06-02 | CVE-2021-3529 | Cross-site Scripting vulnerability in Redhat Noobaa-Operator and Openshift Container Platform A flaw was found in noobaa-core in versions before 5.7.0. | 6.8 |
| 2021-06-02 | CVE-2020-14336 | Allocation of Resources Without Limits or Throttling vulnerability in Redhat Openshift Container Platform 3.11/4.5.16/4.6 A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. | 6.5 |
| 2021-06-02 | CVE-2020-10743 | Improperly Implemented Security Check for Standard vulnerability in multiple products It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. | 4.3 |
| 2021-04-01 | CVE-2021-20291 | Improper Locking vulnerability in multiple products A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. | 6.5 |