Vulnerabilities > Redhat > Openshift > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-10 | CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 |
2022-12-09 | CVE-2022-3259 | Unspecified vulnerability in Redhat Openshift 4.9 Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks. | 7.4 |
2022-12-08 | CVE-2022-3262 | Insecure Default Initialization of Resource vulnerability in Redhat Openshift 4.9 A flaw was found in Openshift. | 8.1 |
2022-10-19 | CVE-2013-4253 | Exposure of Resource to Wrong Sphere vulnerability in Redhat Openshift 1.0 The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's authorized_keys file. | 7.5 |
2022-08-24 | CVE-2021-4125 | Deserialization of Untrusted Data vulnerability in Redhat Openshift It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. | 8.1 |
2022-07-06 | CVE-2021-3697 | Out-of-bounds Write vulnerability in multiple products A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. | 7.0 |
2022-04-11 | CVE-2021-4047 | Unspecified vulnerability in Redhat Openshift 4.9 The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. | 7.5 |
2021-06-02 | CVE-2020-35514 | Unspecified vulnerability in Redhat Openshift An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. | 7.0 |
2021-03-24 | CVE-2019-19350 | Unspecified vulnerability in Redhat Openshift 3.11/4.0 An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11. | 7.8 |
2021-03-24 | CVE-2019-19349 | Unspecified vulnerability in Redhat Openshift 4.0 An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4. | 7.8 |