Redhat

Openshift Container Platform

272 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2019-1003001

Exploit
  • EPSS 93.98%
  • Veröffentlicht 22.01.2019 14:29:00
  • Zuletzt bearbeitet 21.11.2024 04:17:43

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows atta...

8.8

CVE-2019-1003002

Exploit
  • EPSS 93.93%
  • Veröffentlicht 22.01.2019 14:29:00
  • Zuletzt bearbeitet 21.11.2024 04:17:43

A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permis...

7.2

CVE-2019-1003003

  • EPSS 2.06%
  • Veröffentlicht 22.01.2019 14:29:00
  • Zuletzt bearbeitet 21.11.2024 04:17:43

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember M...

7.2

CVE-2019-1003004

  • EPSS 1.65%
  • Veröffentlicht 22.01.2019 14:29:00
  • Zuletzt bearbeitet 21.11.2024 04:17:43

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indef...

8.8

CVE-2019-0542

  • EPSS 1.95%
  • Veröffentlicht 09.01.2019 15:29:00
  • Zuletzt bearbeitet 21.11.2024 04:16:49

A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js.

9.8

CVE-2018-14718

  • EPSS 14.75%
  • Veröffentlicht 02.01.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:49:39

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.

9.8

CVE-2018-14719

  • EPSS 2.65%
  • Veröffentlicht 02.01.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:49:40

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.

9.8

CVE-2018-14720

  • EPSS 3.41%
  • Veröffentlicht 02.01.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:49:40

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

10

CVE-2018-14721

  • EPSS 9.9%
  • Veröffentlicht 02.01.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:49:40

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.

9.8

CVE-2018-19360

  • EPSS 6.78%
  • Veröffentlicht 02.01.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:48

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.