Filtered by vendor: Redhat. Filtered by product: Openshift. Total: 931 CVEs.
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2020-10696 | 2 Buildah Project, Redhat | 5 Buildah, Enterprise Linux, Openshift and 2 more | 2024-08-04 | 8.8 High | A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions. |
CVE-2020-9283 | 3 Debian, Golang, Redhat | 7 Debian Linux, Package Ssh, 3scale Amp and 4 more | 2024-08-04 | 7.5 High | golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client. |
CVE-2020-8945 | 3 Fedoraproject, Gpgme Project, Redhat | 12 Fedora, Gpgme, Enterprise Linux and 9 more | 2024-08-04 | 7.5 High | The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification. |
CVE-2020-8608 | 4 Debian, Libslirp Project, Opensuse and 1 more | 11 Debian Linux, Libslirp, Leap and 8 more | 2024-08-04 | 5.6 Medium | In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. |
CVE-2020-8552 | 3 Fedoraproject, Kubernetes, Redhat | 3 Fedora, Kubernetes, Openshift | 2024-08-04 | 5.3 Medium | The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests. |
CVE-2020-8551 | 3 Fedoraproject, Kubernetes, Redhat | 3 Fedora, Kubernetes, Openshift | 2024-08-04 | 4.3 Medium | The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250. |
CVE-2020-8203 | 3 Lodash, Oracle, Redhat | 24 Lodash, Banking Corporate Lending Process Management, Banking Credit Facilities Process Management and 21 more | 2024-08-04 | 7.4 High | Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. |
CVE-2020-7662 | 2 Redhat, Websocket-extensions Project | 3 Openshift, Service Mesh, Websocket-extensions | 2024-08-04 | 7.5 High | websocket-extensions npm module prior to 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header. |
CVE-2020-7598 | 3 Opensuse, Redhat, Substack | 9 Leap, Enterprise Linux, Openshift and 6 more | 2024-08-04 | 5.6 Medium | minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload. |
CVE-2020-7211 | 4 Libslirp Project, Microsoft, Qemu and 1 more | 4 Libslirp, Windows, Qemu and 1 more | 2024-08-04 | 7.5 High | tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. |
CVE-2020-7039 | 5 Debian, Libslirp Project, Opensuse and 2 more | 12 Debian Linux, Libslirp, Leap and 9 more | 2024-08-04 | 5.6 Medium | tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access, which can lead to a DoS or potentially arbitrary code execution. |
CVE-2020-7015 | 2 Elastic, Redhat | 2 Kibana, Openshift | 2024-08-04 | 5.4 Medium | Kibana versions before 6.8.9 and 7.7.0 contain a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could obtain sensitive information from, or perform destructive actions on behalf of, Kibana users who edit the TSVB visualization. |
CVE-2020-7013 | 2 Elastic, Redhat | 3 Kibana, Openshift, Openshift Container Platform | 2024-08-04 | 7.2 High | Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB visualizations could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissions of the Kibana process on the host system. |
CVE-2020-2308 | 2 Jenkins, Redhat | 2 Kubernetes, Openshift | 2024-08-04 | 4.3 Medium | A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names. |
CVE-2020-2304 | 2 Jenkins, Redhat | 2 Subversion, Openshift | 2024-08-04 | 6.5 Medium | Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
CVE-2020-2309 | 2 Jenkins, Redhat | 2 Kubernetes, Openshift | 2024-08-04 | 4.3 Medium | A missing or incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credential IDs of credentials stored in Jenkins. |
CVE-2020-2307 | 2 Jenkins, Redhat | 2 Kubernetes, Openshift | 2024-08-04 | 4.3 Medium | Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables. |
CVE-2020-2305 | 2 Jenkins, Redhat | 2 Mercurial, Openshift | 2024-08-04 | 6.5 Medium | Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
CVE-2020-2306 | 2 Jenkins, Redhat | 2 Mercurial, Openshift | 2024-08-04 | 4.3 Medium | A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations. |
CVE-2020-2225 | 2 Jenkins, Redhat | 2 Matrix Project, Openshift | 2024-08-04 | 5.4 Medium | Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting vulnerability. |