Vulnerabilities > Redhat > Openshift Container Platform > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-09-11 CVE-2018-10937 Cross-site Scripting vulnerability in Redhat Openshift Container Platform 3.11
A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11.
network
low complexity
redhat CWE-79
5.4
2018-09-05 CVE-2016-1000232 Improper Input Validation vulnerability in multiple products
NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service.
network
low complexity
salesforce ibm redhat CWE-20
5.3
2018-08-13 CVE-2017-15138 Information Exposure vulnerability in Redhat Openshift Container Platform 3.9
The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens.
network
low complexity
redhat CWE-200
5.0
2018-07-27 CVE-2017-12195 Unspecified vulnerability in Redhat Openshift Container Platform
A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin.
network
high complexity
redhat
4.8
2018-07-25 CVE-2018-13988 Out-of-bounds Read vulnerability in multiple products
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite.
network
low complexity
freedesktop canonical debian redhat CWE-125
6.5
2018-07-16 CVE-2017-15137 Unspecified vulnerability in Redhat Openshift and Openshift Container Platform
The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example.
network
low complexity
redhat
5.3
2018-07-01 CVE-2018-13033 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c.
local
low complexity
gnu redhat CWE-770
5.5
2018-04-26 CVE-2018-10237 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
network
high complexity
google redhat oracle CWE-770
5.9