openshift container platform vulnerabilities and exploits

NA
CVE-2019-11247

Kubernetes could allow a remote authenticated attacker to gain unauthorized access to the system, caused by an error in the API server. By sending a specially crafted request using the wrong scope, an attacker could exploit this vulnerability to create, view, update or delete...

7.5
CVSSv2
CVE-2019-10744

Affected versions of this package are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload....

Lodash
4.6
CVSSv2
CVE-2018-20856

An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled....

4.6
CVSSv2
CVE-2018-20854

An issue was discovered in the Linux kernel before 4.20. drivers/phy/mscc/phy-ocelot-serdes.c has an off-by-one error with a resultant ctrl->phys out-of-bounds read....

2.1
CVSSv2
CVE-2018-20855

An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace....

NA
CVE-2019-1125

Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the (CPU) speculatively access memory. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and...

7.5
CVSSv2
CVE-2019-14379

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used, leading to remote code execution....

FasterxmlJackson-databind
7.5
CVSSv2
CVE-2011-5327

In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcm_loop.c tcm_loop_make_naa_tpg() function could result in at least memory corruption....

4.9
CVSSv2
CVE-2019-13648

In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects...

7.5
CVSSv2
CVE-2017-18379

In the Linux kernel before 4.14, an out of boundary access happened in drivers/nvme/target/fc.c....