Vulnerabilities > Redhat > Openshift Container Platform > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-23 | CVE-2020-14370 | Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. | 5.3 |
2020-07-29 | CVE-2020-15707 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. | 6.4 |
2020-07-29 | CVE-2020-15706 | Use After Free vulnerability in multiple products GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. | 6.4 |
2020-07-29 | CVE-2020-15705 | Improper Verification of Cryptographic Signature vulnerability in multiple products GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. | 6.4 |
2020-06-03 | CVE-2020-10749 | A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. | 6.0 |
2020-05-12 | CVE-2020-10706 | Unspecified vulnerability in Redhat Openshift Container Platform A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. low complexity redhat | 6.6 |
2020-04-24 | CVE-2020-1741 | Unspecified vulnerability in Redhat Openshift Container Platform 3.11 A flaw was found in openshift-ansible. | 5.9 |
2020-04-23 | CVE-2020-1760 | Cross-site Scripting vulnerability in multiple products A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. | 6.1 |
2020-02-11 | CVE-2020-1726 | A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. | 5.9 |
2020-01-07 | CVE-2019-14854 | Unspecified vulnerability in Redhat Openshift Container Platform 4.1/4.2 OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the log level in a given operator is set to Debug or higher. | 6.5 |