Total
262 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15137 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2023-02-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed. | |||||
| CVE-2016-8651 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2023-02-12 | 2.7 LOW | 3.5 LOW |
| An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image. | |||||
| CVE-2021-20194 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Openshift Container Platform | 2023-02-12 | 4.6 MEDIUM | 7.8 HIGH |
| There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation. | |||||
| CVE-2022-1677 | 1 Redhat | 1 Openshift Container Platform | 2023-02-12 | N/A | 6.3 MEDIUM |
| In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control. | |||||
| CVE-2022-2990 | 2 Buildah Project, Redhat | 3 Buildah, Enterprise Linux, Openshift Container Platform | 2023-02-12 | N/A | 7.1 HIGH |
| An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. | |||||
| CVE-2020-10712 | 1 Redhat | 1 Openshift Container Platform | 2023-02-12 | 6.4 MEDIUM | 8.2 HIGH |
| A flaw was found in OpenShift Container Platform version 4.1 and later. Sensitive information was found to be logged by the image registry operator allowing an attacker able to gain access to those logs, to read and write to the storage backing the internal image registry. The highest threat from this vulnerability is to data integrity. | |||||
| CVE-2018-14632 | 2 Redhat, Starcounter-jack | 2 Openshift Container Platform, Json-patch | 2023-02-07 | 4.0 MEDIUM | 7.7 HIGH |
| An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management. | |||||
| CVE-2022-1632 | 2 Fedoraproject, Redhat | 3 Fedora, Ansible Automation Platform, Openshift Container Platform | 2022-12-13 | N/A | 6.5 MEDIUM |
| An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confidentiality. | |||||
| CVE-2021-3827 | 1 Redhat | 4 Enterprise Linux, Keycloak, Openshift Container Platform and 1 more | 2022-11-30 | N/A | 6.8 MEDIUM |
| A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity. | |||||
| CVE-2020-15706 | 7 Canonical, Debian, Gnu and 4 more | 14 Ubuntu Linux, Debian Linux, Grub2 and 11 more | 2022-11-16 | 4.4 MEDIUM | 6.4 MEDIUM |
| GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions. | |||||
| CVE-2021-3696 | 3 Gnu, Netapp, Redhat | 13 Grub, Ontap Select Deploy Administration Utility, Codeready Linux Builder and 10 more | 2022-10-28 | 6.9 MEDIUM | 4.5 MEDIUM |
| A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. | |||||
| CVE-2021-3695 | 4 Fedoraproject, Gnu, Netapp and 1 more | 14 Fedora, Grub, Ontap Select Deploy Administration Utility and 11 more | 2022-10-28 | 4.4 MEDIUM | 4.5 MEDIUM |
| A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12. | |||||
| CVE-2019-2602 | 7 Canonical, Debian, Hp and 4 more | 16 Ubuntu Linux, Debian Linux, Xp7 Command View and 13 more | 2022-10-06 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2022-0669 | 3 Dpdk, Openvswitch, Redhat | 3 Data Plane Development Kit, Openvswitch, Openshift Container Platform | 2022-09-01 | N/A | 6.5 MEDIUM |
| A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service. | |||||
| CVE-2020-27836 | 1 Redhat | 2 Enterprise Linux, Openshift Container Platform | 2022-08-24 | N/A | 9.8 CRITICAL |
| A flaw was found in cluster-ingress-operator. A change to how the router-default service allows only certain IP source ranges could allow an attacker to access resources that would otherwise be restricted to specified IP ranges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.. | |||||
| CVE-2019-2698 | 6 Canonical, Debian, Hp and 3 more | 15 Ubuntu Linux, Debian Linux, Xp7 Command View and 12 more | 2022-08-12 | 6.8 MEDIUM | 8.1 HIGH |
| Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2022-27652 | 4 Fedoraproject, Kubernetes, Mobyproject and 1 more | 4 Fedora, Cri-o, Moby and 1 more | 2022-04-27 | 4.6 MEDIUM | 5.3 MEDIUM |
| A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. | |||||
| CVE-2020-15705 | 7 Canonical, Debian, Gnu and 4 more | 14 Ubuntu Linux, Debian Linux, Grub2 and 11 more | 2022-04-18 | 4.4 MEDIUM | 6.4 MEDIUM |
| GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions. | |||||
| CVE-2022-0532 | 2 Kubernetes, Redhat | 2 Cri-o, Openshift Container Platform | 2022-02-22 | 4.9 MEDIUM | 4.2 MEDIUM |
| An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace. | |||||
| CVE-2021-20270 | 4 Debian, Fedoraproject, Pygments and 1 more | 7 Debian Linux, Fedora, Pygments and 4 more | 2021-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword. | |||||