Vulnerabilities > Redhat > Openshift Container Platform > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-09-11 | CVE-2018-10937 | Cross-site Scripting vulnerability in Redhat Openshift Container Platform 3.11 A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. | 5.4 |
2018-09-05 | CVE-2016-1000232 | Improper Input Validation vulnerability in multiple products NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. | 5.3 |
2018-08-13 | CVE-2017-15138 | Information Exposure vulnerability in Redhat Openshift Container Platform 3.9 The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens. | 5.0 |
2018-07-27 | CVE-2017-12195 | Unspecified vulnerability in Redhat Openshift Container Platform A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin. | 4.8 |
2018-07-25 | CVE-2018-13988 | Out-of-bounds Read vulnerability in multiple products Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. | 6.5 |
2018-07-16 | CVE-2017-15137 | Unspecified vulnerability in Redhat Openshift and Openshift Container Platform The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. | 5.3 |
2018-07-01 | CVE-2018-13033 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. | 5.5 |
2018-04-26 | CVE-2018-10237 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. | 5.9 |