Redhat

Openshift Container Platform

321 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 81.55%
  • Veröffentlicht 22.01.2019 14:29:00
  • Zuletzt bearbeitet 21.11.2024 04:17:43

A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permis...

  • EPSS 1.55%
  • Veröffentlicht 22.01.2019 14:29:00
  • Zuletzt bearbeitet 21.11.2024 04:17:43

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember M...

  • EPSS 1.62%
  • Veröffentlicht 22.01.2019 14:29:00
  • Zuletzt bearbeitet 21.11.2024 04:17:43

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indef...

  • EPSS 3.18%
  • Veröffentlicht 09.01.2019 15:29:00
  • Zuletzt bearbeitet 21.11.2024 04:16:49

A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js.

  • EPSS 12.68%
  • Veröffentlicht 02.01.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:49:39

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.

  • EPSS 9.68%
  • Veröffentlicht 02.01.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:49:40

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.

  • EPSS 7.52%
  • Veröffentlicht 02.01.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:49:40

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

  • EPSS 10.46%
  • Veröffentlicht 02.01.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:49:40

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.

  • EPSS 10.6%
  • Veröffentlicht 02.01.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:48

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.

  • EPSS 10.6%
  • Veröffentlicht 02.01.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:48

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.