Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openshift container platform vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2018-1000866
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and previous versions in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java that allows attackers w...
Jenkins Pipeline\\ Groovy
Redhat Openshift Container Platform 3.11
662
VMScore
CVE-2019-1003000
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and previous versions in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the ...
Jenkins Script Security
Redhat Openshift Container Platform 3.11
2 EDB exploits
6 Github repositories
605
VMScore
CVE-2021-3529
A flaw was found in noobaa-core in versions prior to 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resu...
Redhat Noobaa-operator
Redhat Openshift Container Platform 4.0
668
VMScore
CVE-2019-3899
It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. This isue only affects heketi as shipped with Openshift Container Platform 3.11.
Redhat Openshift Container Platform 3.11
Heketi Project Heketi -
436
VMScore
CVE-2022-0532
An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and previous versions. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel na...
Kubernetes Cri-o
Redhat Openshift Container Platform 4.0
436
VMScore
CVE-2020-25639
A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions before 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system.
Linux Linux Kernel
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 5.0
Redhat Enterprise Linux 8.0
Redhat Messaging Realtime Grid 2.0
Redhat Openshift Container Platform 4.5
Redhat Openshift Container Platform 4.6
Redhat Openshift Container Platform 4.4
312
VMScore
CVE-2019-1003014
An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and previous versions in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when ...
Jenkins Config File Provider
Redhat Openshift Container Platform 3.11
NA
CVE-2023-2253
A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the all...
Redhat Openshift Container Platform 4.0
Redhat Openshift Developer Tools And Services -
Redhat Openshift Api For Data Protection -
NA
CVE-2023-6476
A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/cpu, circumventing the kubernetes scheduler and potentially resulting in a denial of service in the node.
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.13
Redhat Openshift Container Platform 4.14
NA
CVE-2023-3153
A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an malicious user to cause a denial of service, including on deployments with CoPP enabled and properly configured.
Ovn Open Virtual Network
Redhat Openshift Container Platform 4.0
Redhat Fast Datapath -
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site request forgery
CVE-2024-34351
CVE-2024-1076
CVE-2024-25522
CVE-2024-34547
CVE-2024-4644
unauthorized
remote
CVE-2024-4671
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »