Filtered by vendor Redhat Subscriptions
Filtered by product Openshift Container Platform Subscriptions
Total 238 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-27786 3 Linux, Netapp, Redhat 6 Linux Kernel, Cloud Backup, Solidfire Baseboard Management Controller and 3 more 2024-11-21 7.8 High
A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2020-27781 2 Fedoraproject, Redhat 6 Fedora, Ceph, Ceph Storage and 3 more 2024-11-21 7.1 High
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. This can be done to even "admin" users, compromising the ceph administrator. This flaw affects Ceph versions prior to 14.2.16, 15.x prior to 15.2.8, and 16.x prior to 16.2.0.
CVE-2020-27777 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Openshift Container Platform 2024-11-21 6.7 Medium
A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.
CVE-2020-25660 2 Fedoraproject, Redhat 5 Fedora, Ceph, Ceph Storage and 2 more 2024-11-21 8.8 High
A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by the Ceph service. This issue is a reintroduction of CVE-2018-1128, affecting the msgr2 protocol. The msgr 2 protocol is used for all communication except older clients that do not support the msgr2 protocol. The msgr1 protocol is not affected. The highest threat from this vulnerability is to confidentiality, integrity, and system availability.
CVE-2020-25639 3 Fedoraproject, Linux, Redhat 5 Fedora, Linux Kernel, Enterprise Linux and 2 more 2024-11-21 4.4 Medium
A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system.
CVE-2020-1760 5 Canonical, Debian, Fedoraproject and 2 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2024-11-21 5.8 Medium
A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.
CVE-2020-1741 1 Redhat 2 Openshift, Openshift Container Platform 2024-11-21 5.9 Medium
A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive in the way it specified CORS allowed origins during installation. An attacker, able to man-in-the-middle the connection between the user's browser and the openshift console, could use this flaw to perform a phishing attack. The main threat from this vulnerability is data confidentiality.
CVE-2020-1726 2 Libpod Project, Redhat 4 Libpod, Enterprise Linux, Openshift and 1 more 2024-11-21 5.9 Medium
A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume.This issue was introduced in version 1.6.0.
CVE-2020-1712 3 Debian, Redhat, Systemd Project 8 Debian Linux, Ceph Storage, Discovery and 5 more 2024-11-21 7.8 High
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
CVE-2020-1708 1 Redhat 2 Openshift, Openshift Container Platform 2024-11-21 7 High
It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 to, including 4.3, that multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/mysql-apb.
CVE-2020-1706 1 Redhat 2 Openshift, Openshift Container Platform 2024-11-21 7 High
It has been found that in openshift-enterprise version 3.11 and openshift-enterprise versions 4.1 up to, including 4.3, multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/apb-tools-container.
CVE-2020-15707 8 Canonical, Debian, Gnu and 5 more 19 Ubuntu Linux, Debian Linux, Grub2 and 16 more 2024-11-21 5.7 Medium
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.
CVE-2020-15706 7 Canonical, Debian, Gnu and 4 more 18 Ubuntu Linux, Debian Linux, Grub2 and 15 more 2024-11-21 6.4 Medium
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.
CVE-2020-15705 7 Canonical, Debian, Gnu and 4 more 18 Ubuntu Linux, Debian Linux, Grub2 and 15 more 2024-11-21 6.4 Medium
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.
CVE-2020-14370 3 Fedoraproject, Podman Project, Redhat 6 Fedora, Podman, Enterprise Linux and 3 more 2024-11-21 5.3 Medium
An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables.
CVE-2020-14336 1 Redhat 2 Openshift, Openshift Container Platform 2024-11-21 6.5 Medium
A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat from this vulnerability is to system availability.
CVE-2020-14298 2 Docker, Redhat 4 Docker, Enterprise Linux Server, Openshift Container Platform and 1 more 2024-11-21 8.8 High
The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host. This issue only affects docker version 1.13.1-108.git4ef4b30.el7, shipped in Red Hat Enterprise Linux 7 Extras. Both earlier and later versions are not affected.
CVE-2020-11100 6 Canonical, Debian, Fedoraproject and 3 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2024-11-21 8.8 High
In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.
CVE-2020-10763 2 Heketi Project, Redhat 6 Heketi, Enterprise Linux, Gluster Storage and 3 more 2024-11-21 5.5 Medium
An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords.
CVE-2020-10752 1 Redhat 1 Openshift Container Platform 2024-11-21 7.5 High
A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This flaw allows an attacker with the ability to cause an API Server error to read the logs, and use the leaked OAuthToken to log into the API Server with the leaked token.