Vulnerabilities > Redhat > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-20 | CVE-2020-1707 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openshift A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/postgresql-apb. | 7.0 |
| 2020-03-20 | CVE-2019-19345 | Incorrect Privilege Assignment vulnerability in Redhat Openshift A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. | 7.8 |
| 2020-03-19 | CVE-2020-1705 | Incorrect Privilege Assignment vulnerability in Redhat Template Service Broker Operator 4.0.0/4.2.0 A vulnerability was found in openshift/template-service-broker-operator in all 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/template-service-broker-operator. | 7.0 |
| 2020-03-18 | CVE-2019-19355 | Incorrect Privilege Assignment vulnerability in Redhat Openshift 4.0 An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. | 7.0 |
| 2020-03-18 | CVE-2019-19351 | Incorrect Privilege Assignment vulnerability in Redhat Openshift 3.11/4.0 An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. | 7.0 |
| 2020-03-12 | CVE-2020-10531 | Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. network low complexity icu-project redhat google fedoraproject debian canonical opensuse oracle nodejs CWE-190 | 8.8 |
| 2020-03-09 | CVE-2020-1737 | Path Traversal vulnerability in Redhat Ansible Tower A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. | 7.8 |
| 2020-03-09 | CVE-2020-1706 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openshift Container Platform It has been found that in openshift-enterprise version 3.11 and openshift-enterprise versions 4.1 up to, including 4.3, multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. | 7.0 |
| 2020-03-04 | CVE-2020-8659 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. | 7.5 |
| 2020-03-03 | CVE-2020-1734 | OS Command Injection vulnerability in Redhat Ansible Engine and Ansible Tower A flaw was found in the pipe lookup plugin of ansible. | 7.4 |