Redhat

Openshift Container Platform

274 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2019-1003041

  • EPSS 2.25%
  • Veröffentlicht 28.03.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:17:47

A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.

6.1

CVE-2019-3826

  • EPSS 2.34%
  • Veröffentlicht 26.03.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:42:37

A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persis...

10

CVE-2019-7609

Warnung Exploit
  • EPSS 94.45%
  • Veröffentlicht 25.03.2019 19:29:02
  • Zuletzt bearbeitet 07.11.2025 19:36:46

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly le...

7.8

CVE-2019-7221

Exploit
  • EPSS 0.06%
  • Veröffentlicht 21.03.2019 16:01:10
  • Zuletzt bearbeitet 21.11.2024 04:47:46

The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.

7.5

CVE-2018-20615

  • EPSS 0.17%
  • Veröffentlicht 21.03.2019 16:00:36
  • Zuletzt bearbeitet 21.11.2024 04:01:51

An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are s...

7.5

CVE-2018-12022

  • EPSS 2.93%
  • Veröffentlicht 21.03.2019 16:00:12
  • Zuletzt bearbeitet 21.11.2024 03:44:25

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in ...

7.5

CVE-2018-12023

  • EPSS 4.66%
  • Veröffentlicht 21.03.2019 16:00:12
  • Zuletzt bearbeitet 21.11.2024 03:44:26

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provid...

9.9

CVE-2019-1003029

Warnung
  • EPSS 92.81%
  • Veröffentlicht 08.03.2019 21:29:00
  • Zuletzt bearbeitet 24.10.2025 14:49:04

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/Secure...

9.9

CVE-2019-1003030

Warnung Exploit
  • EPSS 93.01%
  • Veröffentlicht 08.03.2019 21:29:00
  • Zuletzt bearbeitet 24.10.2025 20:48:13

A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary cod...

9.9

CVE-2019-1003031

  • EPSS 12.39%
  • Veröffentlicht 08.03.2019 21:29:00
  • Zuletzt bearbeitet 21.11.2024 04:17:46

A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM.