Vulmon
redhat openshift 3.5 vulnerabilities and exploits
8.8
CVSSv3
CVE-2018-1102
A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation....
Redhat Openshift 3.0
Redhat Openshift 3.1
Redhat Openshift 3.2
Redhat Openshift 3.3
Redhat Openshift 3.5
Redhat Openshift 3.7
Redhat Openshift 3.8
Redhat Openshift 3.9
Redhat Openshift 3.4
Redhat Openshift 3.6
5.4
CVSSv3
CVE-2017-7534
OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when viewing the log files for a pod....
Redhat Openshift 3.7
Redhat Openshift 3.9
Redhat Openshift 3.4
Redhat Openshift 3.6
Redhat Openshift 3.0
Redhat Openshift 3.1
Redhat Openshift 3.2
Redhat Openshift 3.3
Redhat Openshift 3.5
4.8
CVSSv3
CVE-2017-12195
A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin. An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later access it without the token, bypassing authentication. This attack also requires...
Redhat Openshift Container Platform 3.5
Redhat Openshift Container Platform 3.7
Redhat Openshift Container Platform 3.4
Redhat Openshift Container Platform 3.6
9.8
CVSSv3
CVE-2018-1002105
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then...
Kubernetes Kubernetes
Kubernetes Kubernetes 1.9.12
Redhat Openshift Container Platform 3.3
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 3.2
Redhat Openshift Container Platform 3.5
Redhat Openshift Container Platform 3.6
Redhat Openshift Container Platform 3.8
Redhat Openshift Container Platform 3.4
Redhat Openshift Container Platform 3.10
Netapp Trident -
43 Github repositories available
5 Articles available
9.8
CVSSv3
CVE-2017-7481
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By...
Redhat Openshift Container Platform 3.3
Redhat Openshift Container Platform 3.4
Redhat Openshift Container Platform 3.5
Redhat Openstack 10
Redhat Openstack 11
Redhat Storage Console 2.0
Redhat Virtualization 4.1
Redhat Virtualization Manager 4.1
Redhat Gluster Storage 3.2
Redhat Ansible Engine
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Debian Debian Linux 9.0
5.5
CVSSv3
CVE-2020-10763
An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords....
Heketi Project Heketi
Redhat Gluster Storage 3.0
Redhat Gluster Storage 3.5
Redhat Openshift Container Platform 4.0
Redhat Enterprise Linux 7.0
8.6
CVSSv3
CVE-2019-5736
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new...
Docker Docker
Linuxfoundation Runc
Linuxfoundation Runc 1.0.0
Redhat Container Development Kit 3.7
Redhat Openshift 3.4
Redhat Openshift 3.5
Redhat Openshift 3.6
Redhat Openshift 3.7
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Server 7.0
Google Kubernetes Engine -
Linuxcontainers Lxc
Hp Onesphere -
Netapp Hci Management Node -
Netapp Solidfire -
Apache Mesos
Opensuse Backports Sle 15.0
Opensuse Leap 15.0
Opensuse Leap 15.1
Opensuse Leap 42.3
D2iq Kubernetes Engine
D2iq Dc/os
Fedoraproject Fedora 30
Fedoraproject Fedora 29
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 19.04
Microfocus Service Management Automation 2018.02
Microfocus Service Management Automation 2018.05
Microfocus Service Management Automation 2018.08
Microfocus Service Management Automation 2018.11
2 EDB exploits available
60 Github repositories available
10 Articles available
7.5
CVSSv3
CVE-2019-3804
It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web...
Cockpit-project Cockpit
Fedoraproject Fedora -
Redhat Virtualization 4.0