Filtered by vendor Redhat
Subscriptions
Filtered by product Openshift
Subscriptions
Total
931 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-30465 | 3 Fedoraproject, Linuxfoundation, Redhat | 6 Fedora, Runc, Enterprise Linux and 3 more | 2024-08-03 | 8.5 High |
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition. | ||||
CVE-2021-29923 | 4 Fedoraproject, Golang, Oracle and 1 more | 13 Fedora, Go, Timesten In-memory Database and 10 more | 2024-08-03 | 7.5 High |
Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR. | ||||
CVE-2021-29622 | 2 Prometheus, Redhat | 2 Prometheus, Openshift | 2024-08-03 | 6.5 Medium |
Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URL's prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft an URL that can redirect to any other URL, in the /new endpoint. If a user visits a prometheus server with a specially crafted address, they can be redirected to an arbitrary URL. The issue was patched in the 2.26.1 and 2.27.1 releases. In 2.28.0, the /new endpoint will be removed completely. The workaround is to disable access to /new via a reverse proxy in front of Prometheus. | ||||
CVE-2021-29059 | 2 Is-svg Project, Redhat | 2 Is-svg, Openshift | 2024-08-03 | 7.5 High |
A vulnerability was discovered in IS-SVG version 2.1.0 to 4.2.2 and below where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG string. | ||||
CVE-2021-28363 | 4 Fedoraproject, Oracle, Python and 1 more | 4 Fedora, Peoplesoft Enterprise Peopletools, Urllib3 and 1 more | 2024-08-03 | 6.5 Medium |
The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted. | ||||
CVE-2021-28163 | 6 Apache, Eclipse, Fedoraproject and 3 more | 30 Ignite, Solr, Jetty and 27 more | 2024-08-03 | 2.7 Low |
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory. | ||||
CVE-2021-28169 | 5 Debian, Eclipse, Netapp and 2 more | 14 Debian Linux, Jetty, Active Iq Unified Manager and 11 more | 2024-08-03 | 5.3 Medium |
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. | ||||
CVE-2021-28165 | 5 Eclipse, Jenkins, Netapp and 2 more | 28 Jetty, Jenkins, Cloud Manager and 25 more | 2024-08-03 | 7.5 High |
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. | ||||
CVE-2021-28092 | 2 Is-svg Project, Redhat | 3 Is-svg, Acm, Openshift | 2024-08-03 | 7.5 High |
The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time. | ||||
CVE-2021-27292 | 2 Redhat, Ua-parser-js Project | 5 Acm, Jaeger, Logging and 2 more | 2024-08-03 | 7.5 High |
ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time. | ||||
CVE-2021-26539 | 2 Apostrophecms, Redhat | 2 Sanitize-html, Openshift | 2024-08-03 | 5.3 Medium |
Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option. | ||||
CVE-2021-26540 | 2 Apostrophecms, Redhat | 2 Sanitize-html, Openshift | 2024-08-03 | 5.3 Medium |
Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with "/\\example.com". | ||||
CVE-2021-25736 | 3 Kubernetes, Microsoft, Redhat | 3 Kubernetes, Windows, Openshift | 2024-08-03 | 5.8 Medium |
Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (“spec.ports[*].port”) as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress[].ip” field. Clusters where the LoadBalancer controller sets the “status.loadBalancer.ingress[].ip” field are unaffected. | ||||
CVE-2021-25749 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-08-03 | 7.8 High |
Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true. | ||||
CVE-2021-22133 | 2 Elastic, Redhat | 2 Apm Agent, Openshift | 2024-08-03 | 2.4 Low |
The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application panic it is possible the headers will not be sanitized before being sent. | ||||
CVE-2021-21685 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-03 | 9.1 Critical |
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent directories in FilePath#mkdirs. | ||||
CVE-2021-21693 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-03 | 9.8 Critical |
When creating temporary files, agent-to-controller access to create those files is only checked after they've been created in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | ||||
CVE-2021-21696 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-03 | 9.8 Critical |
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results in unsandboxed code execution in the Jenkins controller process. | ||||
CVE-2021-21686 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-03 | 8.1 High |
File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories. | ||||
CVE-2021-21694 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-03 | 9.8 Critical |
FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. |