Vulnerabilities > Redhat > Openshift
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-11 | CVE-2019-5736 | OS Command Injection vulnerability in multiple products runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. local low complexity docker linuxfoundation redhat google linuxcontainers hp netapp apache opensuse d2iq fedoraproject canonical microfocus CWE-78 | 8.6 |
| 2018-09-21 | CVE-2018-14645 | Out-of-bounds Read vulnerability in multiple products A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. | 7.5 |
| 2018-09-10 | CVE-2016-7075 | Improper Certificate Validation vulnerability in multiple products It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. | 8.1 |
| 2018-08-01 | CVE-2016-8651 | Improper Input Validation vulnerability in Redhat Openshift and Openshift Container Platform An input validation flaw was found in the way OpenShift 3 handles requests for images. | 3.5 |
| 2018-07-31 | CVE-2016-8631 | Improper Input Validation vulnerability in Redhat Openshift 3.0/3.3 The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. | 7.7 |
| 2018-07-16 | CVE-2017-15137 | Improper Input Validation vulnerability in Redhat Openshift and Openshift Container Platform The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. | 5.3 |
| 2018-07-13 | CVE-2018-10875 | Untrusted Search Path vulnerability in multiple products A flaw was found in ansible. | 4.6 |
| 2018-07-05 | CVE-2018-10885 | Improper Input Validation vulnerability in Redhat Openshift In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. | 5.0 |
| 2018-05-11 | CVE-2018-1257 | Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. | 4.0 |
| 2018-05-08 | CVE-2017-2611 | Incorrect Authorization vulnerability in multiple products Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). | 4.0 |