Vulnerabilities > Redhat > Openshift Container Platform > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-09-23 CVE-2020-14370 Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products
An information disclosure vulnerability was found in containers/podman in versions before 2.0.5.
network
high complexity
podman-project redhat fedoraproject CWE-212
5.3
2020-07-29 CVE-2020-15707 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow.
6.4
2020-07-29 CVE-2020-15706 Use After Free vulnerability in multiple products
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass.
6.4
2020-07-29 CVE-2020-15705 Improper Verification of Cryptographic Signature vulnerability in multiple products
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed.
6.4
2020-06-03 CVE-2020-10749 A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks.
network
high complexity
linuxfoundation redhat fedoraproject
6.0
2020-05-12 CVE-2020-10706 Unspecified vulnerability in Redhat Openshift Container Platform
A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled.
low complexity
redhat
6.6
2020-04-24 CVE-2020-1741 Unspecified vulnerability in Redhat Openshift Container Platform 3.11
A flaw was found in openshift-ansible.
network
high complexity
redhat
5.9
2020-04-23 CVE-2020-1760 Cross-site Scripting vulnerability in multiple products
A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3.
6.1
2020-02-11 CVE-2020-1726 A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only.
network
high complexity
libpod-project redhat
5.9
2020-01-07 CVE-2019-14854 Unspecified vulnerability in Redhat Openshift Container Platform 4.1/4.2
OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the log level in a given operator is set to Debug or higher.
network
low complexity
redhat
6.5