Vulnerabilities > Redhat > Openshift

DATE CVE VULNERABILITY TITLE RISK
2019-02-11 CVE-2019-5736 OS Command Injection vulnerability in multiple products
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec.
8.6
2018-09-21 CVE-2018-14645 Out-of-bounds Read vulnerability in multiple products
A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2.
network
low complexity
haproxy canonical redhat CWE-125
7.5
2018-09-10 CVE-2016-7075 It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields.
network
high complexity
kubernetes redhat
8.1
2018-08-01 CVE-2016-8651 Unspecified vulnerability in Redhat Openshift and Openshift Container Platform
An input validation flaw was found in the way OpenShift 3 handles requests for images.
low complexity
redhat
3.5
2018-07-31 CVE-2016-8631 Unspecified vulnerability in Redhat Openshift 3.0/3.3
The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes.
network
low complexity
redhat
7.7
2018-07-16 CVE-2017-15137 Unspecified vulnerability in Redhat Openshift and Openshift Container Platform
The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example.
network
low complexity
redhat
5.3
2018-07-13 CVE-2018-10875 Untrusted Search Path vulnerability in multiple products
A flaw was found in ansible.
local
low complexity
redhat debian suse canonical CWE-426
7.8
2018-07-05 CVE-2018-10885 Improper Input Validation vulnerability in Redhat Openshift
In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin.
network
low complexity
redhat CWE-20
7.5
2018-05-11 CVE-2018-1257 Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module.
network
low complexity
vmware redhat oracle
6.5
2018-05-08 CVE-2017-2611 Incorrect Authorization vulnerability in multiple products
Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389).
network
low complexity
jenkins redhat CWE-863
4.3