Vulnerabilities > Redhat > Openshift Container Platform > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-02 | CVE-2021-3529 | Cross-site Scripting vulnerability in Redhat Noobaa-Operator and Openshift Container Platform A flaw was found in noobaa-core in versions before 5.7.0. | 6.8 |
| 2021-06-02 | CVE-2020-14336 | Allocation of Resources Without Limits or Throttling vulnerability in Redhat Openshift Container Platform 3.11/4.5.16/4.6 A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. | 6.5 |
| 2021-06-02 | CVE-2020-10743 | Improperly Implemented Security Check for Standard vulnerability in multiple products It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. | 4.3 |
| 2021-04-01 | CVE-2021-20291 | Improper Locking vulnerability in multiple products A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. | 6.5 |
| 2021-03-24 | CVE-2019-19353 | Incorrect Privilege Assignment vulnerability in Redhat Openshift Container Platform 4.0 An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat Openshift 4. | 6.9 |
| 2021-03-23 | CVE-2021-20270 | Infinite Loop vulnerability in multiple products An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword. | 5.0 |
| 2021-03-19 | CVE-2019-10225 | Insufficiently Protected Credentials vulnerability in Redhat Openshift and Openshift Container Platform A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. | 6.5 |
| 2021-03-16 | CVE-2021-3344 | Insufficiently Protected Credentials vulnerability in Redhat Openshift Builder and Openshift Container Platform A privilege escalation flaw was found in OpenShift builder. | 6.5 |
| 2021-03-16 | CVE-2021-20218 | Path Traversal vulnerability in Redhat products A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. | 5.8 |
| 2021-03-04 | CVE-2020-25639 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. | 4.4 |