CVE-2026-42010

all versions

A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest-Shamir-Adleman - Pre-Shared Key) wrongfully matched usernames

7.1HIGH

CVE-2026-3833

all versions

A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of nameConstraints labe

6.5MEDIUM

CVE-2026-3832

all versions

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificat

3.7LOW

CVE-2026-33845

all versions

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer und

7.5HIGH

CVE-2026-7309

all versions

A flaw was found in the OpenShift Container Platform build system. A user with the edit ClusterRole can inject arbitrary environ

4.3MEDIUM

CVE-2026-6732

all versions

A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD)

6.5MEDIUM

CVE-2026-31431

all versions

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This m

7.8HIGH

CVE-2026-4878

all versions

A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `c

6.7MEDIUM

CVE-2026-5745

all versions

A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the

5.5MEDIUM

CVE-2026-5121

all versions

A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation

7.5HIGH

CVE-2026-0966

all versions

A flaw was found in libssh. The API function ssh_get_hexa() is vulnerable to a denial of service when processing zero-length inp

8.2HIGH

CVE-2026-0964

all versions

A malicious SCP server can send unexpected paths that could make the client application override local files outside of working di

6.3MEDIUM

CVE-2026-4897

all versions

A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-

5.5MEDIUM

CVE-2026-4647

all versions

A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and execu

6.1MEDIUM

CVE-2026-4426

all versions

A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper v

6.5MEDIUM

CVE-2026-4424

all versions

A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to impro

7.5HIGH

CVE-2026-3442

all versions

A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in

6.1MEDIUM

CVE-2026-3441

all versions

A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in the bfd lin

6.1MEDIUM

CVE-2025-12801

all versions

A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to

6.5MEDIUM

CVE-2025-13601

all versions

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string(

7.7HIGH

CVE-2025-8283

all versions

A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domai

3.7LOW

CVE-2025-7519

all versions

A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be

6.7MEDIUM

CVE-2025-7424

all versions

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead t

7.5HIGH

CVE-2025-32990

all versions

A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utilit

6.5MEDIUM

CVE-2025-32989

all versions

A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Ti

5.3MEDIUM

CVE-2025-32988

all versions

A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic o

6.5MEDIUM

CVE-2025-5351

all versions

A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting c

6.5MEDIUM

CVE-2025-5372

all versions

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible

5.0MEDIUM

CVE-2025-5318

all versions

A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle fun

8.1HIGH

CVE-2025-6170

all versions

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an over

2.5LOW

CVE-2025-6021

all versions

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-base

7.5HIGH

CVE-2025-5918

all versions

A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar,

3.9LOW

CVE-2025-5917

all versions

A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling pre

2.8LOW

CVE-2025-5916

all versions

A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when p

3.9LOW

CVE-2025-5915

all versions

A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a

6.6MEDIUM

CVE-2025-5914

all versions

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() functio

7.8HIGH

CVE-2025-4598

all versions

A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a

4.7MEDIUM

CVE-2025-0678

all versions

A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters f

7.8HIGH

CVE-2024-45782

all versions

A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a

7.8HIGH

CVE-2024-45778

all versions

A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing

4.1MEDIUM

CVE-2025-26465

all versions

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed

6.8MEDIUM

CVE-2024-12088

all versions

A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link dest

6.5MEDIUM

CVE-2024-12086

all versions

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This

6.1MEDIUM

CVE-2024-12085

all versions

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate

7.5HIGH

CVE-2024-50312

all versions

A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthor

5.3MEDIUM

CVE-2024-50311

all versions

A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to exploit the GraphQL batching functio

6.5MEDIUM

CVE-2024-9676

all versions

A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can c

6.5MEDIUM

CVE-2024-9675

all versions

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our

7.8HIGH

CVE-2024-9341

all versions

A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to

5.4MEDIUM

CVE-2024-8883

all versions

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid

6.1MEDIUM

CVE-2024-4629

all versions

A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of log

6.5MEDIUM

CVE-2024-3056

all versions

A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to shar

7.7HIGH

CVE-2024-7079

all versions

A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm

6.5MEDIUM

CVE-2024-6387

all versions

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to

8.1HIGH

CVE-2024-5154

all versions

A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal

8.1HIGH

CVE-2024-5037

all versions

A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the is

7.5HIGH

CVE-2024-1132

all versions

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker

8.1HIGH

CVE-2024-0406

>= 4.18 and < 4.18.4

A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, w

6.1MEDIUM

CVE-2024-1725

all versions

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an

6.5MEDIUM

CVE-2024-1635

all versions

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Wheneve

7.5HIGH

CVE-2023-6291

all versions

A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed h

7.1HIGH

CVE-2023-6476

all versions

A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod t

6.5MEDIUM

CVE-2023-2585

all versions

Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse th

3.5LOW

CVE-2023-48795

all versions

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacker

5.9MEDIUM

CVE-2023-6134

all versions

A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token.

4.6MEDIUM

CVE-2023-6563

all versions

An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have milli

7.7HIGH

CVE-2023-5408

all versions

A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote

7.2HIGH

CVE-2023-44487

all versions

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams q

7.5HIGH

CVE-2023-5366

all versions

A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rul

7.1HIGH

CVE-2022-3248

all versions

A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an attacke

4.4MEDIUM

CVE-2022-4145

all versions

A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject tex

4.3MEDIUM

CVE-2023-3153

all versions

A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an att

5.3MEDIUM

CVE-2023-2422

all versions

A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not proper

5.5MEDIUM

CVE-2023-4066

all versions

A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in A

5.5MEDIUM

CVE-2023-4065

all versions

A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plai

5.5MEDIUM

CVE-2023-3223

all versions

A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart conten

7.5HIGH

CVE-2023-1260

all versions

An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker w

8.0HIGH

CVE-2022-4039

all versions

A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management inter

8.0HIGH

CVE-2022-3916

all versions

A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if co

6.8MEDIUM

CVE-2023-4853

all versions

A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when acceptin

8.1HIGH

CVE-2022-3466

all versions

The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-202

4.8MEDIUM

CVE-2023-1108

all versions

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status update

7.5HIGH

CVE-2023-0264

all versions

A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated at

5.0MEDIUM

CVE-2022-4361

all versions

Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OI

10.0CRITICAL

CVE-2023-3089

all versions

A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, n

7.0HIGH

CVE-2023-2253

all versions

A flaw was found in the /v2/_catalog endpoint in distribution/distribution, which accepts a parameter to control the maximum num

6.5MEDIUM

CVE-2023-1668

all versions

A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without th

8.2HIGH

CVE-2022-1274

all versions

A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails se

5.4MEDIUM

CVE-2021-3684

all versions

A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked

5.5MEDIUM

CVE-2023-0056

all versions

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow

6.5MEDIUM

CVE-2023-27561

all versions

runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To e

7.0HIGH

CVE-2021-4294

all versions

A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/

2.6LOW

CVE-2022-2990

all versions

An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosu

7.1HIGH

CVE-2022-2989

all versions

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosur

7.1HIGH

CVE-2022-1677

all versions

In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed e

6.3MEDIUM

CVE-2022-1632

all versions

An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set

6.5MEDIUM

CVE-2022-2132

all versions

A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service trigg

8.6HIGH

CVE-2022-0718

all versions

A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect maskin

4.9MEDIUM

CVE-2022-0669

all versions

A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data t

6.5MEDIUM

CVE-2021-3669

all versions

A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts

5.5MEDIUM

CVE-2021-3827

all versions

A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting t

6.8MEDIUM

CVE-2020-27836

all versions

A flaw was found in cluster-ingress-operator. A change to how the router-default service allows only certain IP source ranges coul

9.8CRITICAL

CVE-2021-3697

all versions

A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap.

7.0HIGH

CVE-2021-3696

all versions

A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in

4.5MEDIUM

CVE-2021-3695

all versions

A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to

4.5MEDIUM

CVE-2022-1708

all versions

A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API.

7.5HIGH

CVE-2022-1706

all versions

A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware

6.5MEDIUM

CVE-2022-1227

all versions

A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. O

8.8HIGH

CVE-2022-27652

all versions

A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found

5.3MEDIUM

CVE-2022-27650

all versions

A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found i

7.5HIGH

CVE-2022-27649

all versions

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was foun

7.5HIGH

CVE-2021-20238

all versions

It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed external

3.7LOW

CVE-2021-3609

all versions

.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsy

7.0HIGH

CVE-2021-3631

all versions

A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited

6.3MEDIUM

CVE-2022-0711

all versions

A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacke

7.5HIGH

CVE-2021-3560

all versions

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the

7.8HIGH

CVE-2022-0532

all versions

An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls spe

4.2MEDIUM

CVE-2021-4104

all versions

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j config

7.5HIGH

CVE-2021-3529

all versions

A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an

7.1HIGH

CVE-2020-14336

all versions

A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This

6.5MEDIUM

CVE-2020-10743

all versions

It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible

4.3MEDIUM

CVE-2021-20297

all versions

A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager.

5.5MEDIUM

CVE-2020-27833

<= 4.7

A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a spec

7.1HIGH

CVE-2021-20291

all versions

A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is process

6.5MEDIUM

CVE-2019-19354

>= 4.4 and < 4.4.3

An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop as shipped in Red Hat Op

7.8HIGH

CVE-2019-19353

all versions

An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat Open

7.0HIGH

CVE-2019-19352

all versions

An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Op

7.0HIGH

CVE-2021-20270

all versions

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting o

7.5HIGH

CVE-2019-10225

all versions

A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn't suffi

6.3MEDIUM

CVE-2019-10200

all versions

A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability

7.2HIGH

CVE-2020-27827

all versions

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating d

7.5HIGH

CVE-2021-3344

>= 4.5 and < 4.5.33

A privilege escalation flaw was found in OpenShift builder. During build time, credentials outside the build context are automatic

8.8HIGH

CVE-2021-20218

all versions

A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause

7.4HIGH

CVE-2020-25639

all versions

A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in

4.4MEDIUM

CVE-2021-20194

all versions

There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y

7.8HIGH

CVE-2021-20182

>= 4.4 and < 4.4.33

A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chro

8.8HIGH

CVE-2021-20188

all versions

A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly c

7.0HIGH

CVE-2020-27846

all versions

A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The hig

9.8CRITICAL

CVE-2020-27781

all versions

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege es

7.1HIGH

CVE-2020-27777

all versions

A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Se

6.7MEDIUM

CVE-2020-27786

all versions

A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to iss

7.8HIGH

CVE-2020-27816

all versions

The elasticsearch-operator does not validate the namespace where kibana logging resource is created and due to that it is possible

6.1MEDIUM

CVE-2020-10763

all versions

An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker

5.5MEDIUM

CVE-2020-25660

all versions

A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph

8.8HIGH

CVE-2020-14370

all versions

An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink

5.3MEDIUM

CVE-2020-15707

all versions

Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shi

5.7MEDIUM

CVE-2020-15706

all versions

GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered

6.4MEDIUM

CVE-2020-15705

all versions

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects

6.4MEDIUM

CVE-2020-14298

>= 3.0 and <= 3.7.61

The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version

8.8HIGH

CVE-2020-10752

all versions

A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs wh

7.5HIGH

CVE-2020-7013

all versions

Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to cr

7.2HIGH

CVE-2020-10749

all versions

A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in

6.0MEDIUM

CVE-2020-10706

all versions

A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabl

6.3MEDIUM

CVE-2020-1741

all versions

A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive in the way it specified CORS allo

5.9MEDIUM

CVE-2020-1760

all versions

A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lea

5.8MEDIUM

CVE-2020-10712

<= 4.1

A flaw was found in OpenShift Container Platform version 4.1 and later. Sensitive information was found to be logged by the image

7.0HIGH

CVE-2020-11100

all versions

In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbit

8.8HIGH

CVE-2020-10696

all versions

A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a

8.8HIGH

CVE-2020-1712

all versions

A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed

7.8HIGH

CVE-2020-1706

all versions

It has been found that in openshift-enterprise version 3.11 and openshift-enterprise versions 4.1 up to, including 4.3, multiple c

7.0HIGH

CVE-2019-14892

all versions

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deser

9.8CRITICAL

CVE-2020-8945

all versions

The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pull

7.5HIGH

CVE-2019-19921

all versions

runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go.

7.0HIGH

CVE-2020-1726

all versions

A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even i

5.9MEDIUM

CVE-2020-1708

all versions

It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 to, including 4.3, that mult

7.0HIGH

CVE-2019-14819

all versions

A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service acc

8.8HIGH

CVE-2019-14854

all versions

OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the log level in a given operator is

6.5MEDIUM

CVE-2019-13734

all versions

Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corrupt

8.8HIGH

CVE-2019-11255

all versions

Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1)

4.8MEDIUM

CVE-2019-10213

all versions

OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod logs when the log level in a give

6.5MEDIUM

CVE-2019-14891

all versions

A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in con

5.0MEDIUM

CVE-2019-10214

all versions

The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI

5.9MEDIUM

CVE-2018-12207

all versions

Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an aut

6.5MEDIUM

CVE-2019-10223

all versions

A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.

6.5MEDIUM

CVE-2019-14287

all versions

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM

8.8HIGH

CVE-2019-11253

all versions

Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and

7.5HIGH

CVE-2019-16276

all versions

Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.

7.5HIGH

CVE-2019-16884

all versions

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcon

7.5HIGH

CVE-2019-14835

all versions

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates

7.8HIGH

CVE-2019-14813

all versions

A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its p

9.8CRITICAL

CVE-2019-15718

all versions

In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the sy

4.4MEDIUM

CVE-2019-14817

all versions

A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secur

7.8HIGH

CVE-2019-14811

all versions

A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure i

7.8HIGH

CVE-2019-11250

all versions

The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unautho

6.5MEDIUM

CVE-2019-11249

all versions

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes ru

6.5MEDIUM

CVE-2019-11247

all versions

The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resour

8.1HIGH

CVE-2019-10384

all versions

Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resul

8.8HIGH

CVE-2019-10383

all versions

A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/A

4.8MEDIUM

CVE-2019-9515

all versions

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a s

7.5HIGH

CVE-2019-9514

all versions

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a numb

7.5HIGH

CVE-2019-10176

all versions

A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console co

4.2MEDIUM

CVE-2019-10357

all versions

A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read ac

4.3MEDIUM

CVE-2019-10356

all versions

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expres

8.8HIGH

CVE-2019-10355

all versions

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed at

8.8HIGH

CVE-2019-10165

< 4.1.3

OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server

2.3LOW

CVE-2019-14379

all versions

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.

9.8CRITICAL

CVE-2019-1010238

all versions

Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code

9.8CRITICAL

CVE-2019-10354

all versions

A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to acces

4.3MEDIUM

CVE-2019-3889

>= 3.4 and <= 3.7

A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift

5.4MEDIUM

CVE-2018-11307

all versions

An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class

9.8CRITICAL

CVE-2019-10150

>= 3.6 and <= 4.1

It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key au

5.9MEDIUM

CVE-2019-2698

all versions

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u2

8.1HIGH

CVE-2019-2684

all versions

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affect

5.9MEDIUM

CVE-2019-2602

all versions

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are

7.5HIGH

CVE-2019-3899

all versions

It was found that default configuration of Heketi does not require any authentication potentially exposing the management interfac

9.8CRITICAL

CVE-2019-11244

all versions

In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube

5.0MEDIUM

CVE-2019-1003050

all versions

The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS

5.4MEDIUM

CVE-2019-1003049

all versions

Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authen

8.1HIGH

CVE-2019-0211

all versions

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child pr

7.8HIGH

CVE-2019-3876

>= 3.0 and <= 3.11

A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI toke

6.3MEDIUM

CVE-2019-1002101

all versions

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes cr

6.4MEDIUM

CVE-2019-1002100

all versions

In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kuberne

6.5MEDIUM

CVE-2019-1003041

all versions

A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructo

9.8CRITICAL

CVE-2019-1003040

all versions

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructor

9.8CRITICAL

CVE-2019-3826

all versions

A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this

6.1MEDIUM

CVE-2019-7609

all versions

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with acce

10.0CRITICAL

CVE-2019-7221

all versions

The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.

7.8HIGH

CVE-2018-20615

all versions

An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can resul

7.5HIGH

CVE-2018-12023

all versions

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (eithe

7.5HIGH

CVE-2018-12022

all versions

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (eithe

7.5HIGH

CVE-2019-9636

all versions

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc)

9.8CRITICAL

CVE-2019-1003034

all versions

A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/

9.9CRITICAL

CVE-2019-1003031

all versions

A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/Fi

9.9CRITICAL

CVE-2019-1003030

all versions

A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/

9.9CRITICAL

CVE-2019-1003029

all versions

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/sc

9.9CRITICAL

CVE-2019-1003024

all versions

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java tha

8.8HIGH

CVE-2019-6974

all versions

In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race

8.1HIGH

CVE-2019-1003014

all versions

An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/co

4.8MEDIUM

CVE-2019-1003013

all versions

An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/i

5.4MEDIUM

CVE-2019-1003012

all versions

A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartu

6.5MEDIUM

CVE-2019-1003011

all versions

An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/

8.1HIGH

CVE-2019-1003010

all versions

A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitT

4.3MEDIUM

CVE-2019-3818

all versions

The kube-rbac-proxy container before version 0.4.1 as used in Red Hat OpenShift Container Platform does not honor TLS configuratio

7.5HIGH

CVE-2019-3815

all versions

A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_re

3.3LOW

CVE-2019-1003004

all versions

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/

7.2HIGH

CVE-2019-1003003

all versions

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/

7.2HIGH

CVE-2019-1003002

all versions

A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groo

8.8HIGH

CVE-2019-1003001

all versions

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/

8.8HIGH

CVE-2019-1003000

all versions

A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecu

8.8HIGH

CVE-2019-0542

>= 3.9 and < 3.9.99

A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code

8.8HIGH

CVE-2018-19362

all versions

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jb

9.8CRITICAL

CVE-2018-19361

all versions

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the op

9.8CRITICAL

CVE-2018-19360

all versions

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the ax

9.8CRITICAL

CVE-2018-14721

all versions

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by

10.0CRITICAL

CVE-2018-14720

all versions

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failu

9.8CRITICAL

CVE-2018-14719

>= 3.11 and < 3.11.153

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block

9.8CRITICAL

CVE-2018-14718

>= 3.11 and < 3.11.153

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block

9.8CRITICAL

CVE-2018-17246

all versions

Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to

9.8CRITICAL

CVE-2018-20103

all versions

An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infi

7.5HIGH

CVE-2018-20102

all versions

An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when

7.5HIGH

CVE-2018-18397

all versions

The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as dem

5.5MEDIUM

CVE-2018-1000866

all versions

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groo

8.8HIGH

CVE-2018-1000865

all versions

A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groov

8.8HIGH

CVE-2018-1000864

all versions

A denial of service vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in CronTab.java that allows attacke

6.5MEDIUM

CVE-2018-1000863

all versions

A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that

8.2HIGH

CVE-2018-1000862

all versions

An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java

4.3MEDIUM

CVE-2018-1000861

all versions

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in s

9.8CRITICAL

CVE-2018-18311

all versions

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write ope

9.8CRITICAL

CVE-2018-1002105

all versions

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade reque

9.8CRITICAL

CVE-2018-19477

all versions

psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2

7.8HIGH

CVE-2018-19476

all versions

psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolor

7.8HIGH

CVE-2018-19475

all versions

psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available

7.8HIGH

CVE-2018-18559

all versions

In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind o

8.1HIGH

CVE-2018-14645

all versions

A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpa

7.5HIGH

CVE-2018-3830

all versions

Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an a

6.1MEDIUM

CVE-2018-10937

all versions

A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. An attacker with the abi

4.6MEDIUM

CVE-2018-14632

<= 3.7

An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platfo

7.7HIGH

CVE-2018-16540

all versions

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a u

7.8HIGH

CVE-2016-1000232

all versions

NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that c

5.3MEDIUM

CVE-2018-12115

all versions

In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names

7.5HIGH

CVE-2017-15138

all versions

The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view c

5.0MEDIUM

CVE-2016-8651

all versions

An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associa

3.1LOW

CVE-2017-12195

all versions

A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin. An attacker with knowledge of the

6.5MEDIUM

CVE-2018-13988

all versions

Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memo

6.5MEDIUM

CVE-2017-7481

all versions

Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control t

9.8CRITICAL

CVE-2017-15137

all versions

The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example.

4.3MEDIUM

CVE-2018-12910

all versions

The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.

9.8CRITICAL

CVE-2018-10843

< 3.7.53

source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vuln

8.5HIGH

CVE-2018-13033

all versions

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a den

5.5MEDIUM

CVE-2018-1085

< 3.9.31

openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authenti

9.0CRITICAL

CVE-2018-1070

< 3.10

routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause a

6.5MEDIUM

CVE-2018-10237

all versions

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service a

5.9MEDIUM

CVE-2017-7525

all versions

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an un

9.8CRITICAL

CVE-2017-15095

all versions

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenti

9.8CRITICAL

CVE-2018-5968

all versions

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incom

8.1HIGH

CVE-2017-17485

all versions

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incom

9.8CRITICAL

CVE-2015-8103

all versions

The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a c

9.8CRITICAL