Total
196 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10749 | 3 Fedoraproject, Linuxfoundation, Redhat | 4 Fedora, Cni Network Plugins, Enterprise Linux and 1 more | 2023-03-14 | 6.0 MEDIUM | 6.0 MEDIUM |
| A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container. | |||||
| CVE-2023-27561 | 2 Linuxfoundation, Redhat | 3 Runc, Enterprise Linux, Openshift Container Platform | 2023-03-10 | N/A | 7.0 HIGH |
| runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression. | |||||
| CVE-2018-3830 | 2 Elastic, Redhat | 2 Kibana, Openshift Container Platform | 2023-03-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | |||||
| CVE-2019-19921 | 5 Canonical, Debian, Linuxfoundation and 2 more | 5 Ubuntu Linux, Debian Linux, Runc and 2 more | 2023-03-01 | 4.4 MEDIUM | 7.0 HIGH |
| runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.) | |||||
| CVE-2019-3889 | 1 Redhat | 1 Openshift Container Platform | 2023-03-01 | 3.5 LOW | 5.4 MEDIUM |
| A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11. An attacker could use this flaw to steal authorization data by getting them to click on a malicious link. | |||||
| CVE-2019-1002100 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift Container Platform | 2023-03-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type: application/json-patch+json"`) that consumes excessive resources while processing, causing a Denial of Service on the API Server. | |||||
| CVE-2021-3697 | 2 Gnu, Redhat | 12 Grub, Codeready Linux Builder, Developer Tools and 9 more | 2023-02-23 | 4.4 MEDIUM | 7.0 HIGH |
| A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. | |||||
| CVE-2019-16884 | 6 Canonical, Docker, Fedoraproject and 3 more | 10 Ubuntu Linux, Docker, Fedora and 7 more | 2023-02-18 | 5.0 MEDIUM | 7.5 HIGH |
| runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. | |||||
| CVE-2021-3669 | 5 Debian, Fedoraproject, Ibm and 2 more | 24 Debian Linux, Fedora, Spectrum Copy Data Management and 21 more | 2023-02-12 | N/A | 5.5 MEDIUM |
| A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. | |||||
| CVE-2021-3609 | 3 Linux, Netapp, Redhat | 43 Linux Kernel, H300e, H300e Firmware and 40 more | 2023-02-12 | 6.9 MEDIUM | 7.0 HIGH |
| .A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root. | |||||
| CVE-2020-1708 | 1 Redhat | 1 Openshift Container Platform | 2023-02-12 | 4.4 MEDIUM | 7.0 HIGH |
| It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 to, including 4.3, that multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/mysql-apb. | |||||
| CVE-2020-1726 | 2 Libpod Project, Redhat | 3 Libpod, Enterprise Linux, Openshift Container Platform | 2023-02-12 | 5.8 MEDIUM | 5.9 MEDIUM |
| A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume.This issue was introduced in version 1.6.0. | |||||
| CVE-2020-14336 | 1 Redhat | 1 Openshift Container Platform | 2023-02-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2020-1741 | 1 Redhat | 1 Openshift Container Platform | 2023-02-12 | 4.0 MEDIUM | 5.9 MEDIUM |
| A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive in the way it specified CORS allowed origins during installation. An attacker, able to man-in-the-middle the connection between the user's browser and the openshift console, could use this flaw to perform a phishing attack. The main threat from this vulnerability is data confidentiality. | |||||
| CVE-2020-1706 | 1 Redhat | 1 Openshift Container Platform | 2023-02-12 | 4.4 MEDIUM | 7.0 HIGH |
| It has been found that in openshift-enterprise version 3.11 and openshift-enterprise versions 4.1 up to, including 4.3, multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/apb-tools-container. | |||||
| CVE-2020-14298 | 2 Docker, Redhat | 3 Docker, Enterprise Linux Server, Openshift Container Platform | 2023-02-12 | 4.6 MEDIUM | 8.8 HIGH |
| The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host. This issue only affects docker version 1.13.1-108.git4ef4b30.el7, shipped in Red Hat Enterprise Linux 7 Extras. Both earlier and later versions are not affected. | |||||
| CVE-2020-10743 | 2 Elastic, Redhat | 2 Kibana, Openshift Container Platform | 2023-02-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP's distribution of Kibana, such as clickjacking. | |||||
| CVE-2019-3899 | 2 Heketi Project, Redhat | 2 Heketi, Openshift Container Platform | 2023-02-12 | 7.5 HIGH | 9.8 CRITICAL |
| It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. This isue only affects heketi as shipped with Openshift Container Platform 3.11. | |||||
| CVE-2020-10706 | 1 Redhat | 1 Openshift Container Platform | 2023-02-12 | 4.6 MEDIUM | 6.6 MEDIUM |
| A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via the WebUI or via the command line in the last 24 hours. Once the backup is older than 24 hours the OAuth tokens are no longer valid. | |||||
| CVE-2019-3815 | 2 Debian, Redhat | 7 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2023-02-12 | 2.1 LOW | 3.3 LOW |
| A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2. | |||||