| Max CVSS | 7.5 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-12086 | 5.0 |
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java ja
|
13-09-2023 - 14:16 | 17-05-2019 - 17:29 | |
| CVE-2017-15137 | 5.0 |
The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed.
|
12-02-2023 - 23:28 | 16-07-2018 - 20:29 | |
| CVE-2017-12195 | 5.8 |
A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin. An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later access it without the token, bypassing authentication
|
12-02-2023 - 23:28 | 27-07-2018 - 15:29 | |
| CVE-2018-14632 | 4.0 |
An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service whi
|
07-02-2023 - 22:18 | 06-09-2018 - 14:29 | |
| CVE-2020-10716 | 4.0 |
A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view. This flaw allows a malicious Satellite user to scan through the Job Invocation, with the ability to search for passwords and
|
21-10-2022 - 17:58 | 27-05-2021 - 19:15 | |
| CVE-2019-10086 | 7.5 |
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by defa
|
25-07-2022 - 18:15 | 20-08-2019 - 21:15 | |
| CVE-2019-12086 | 5.0 |
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java ja
|
01-10-2020 - 00:15 | 17-05-2019 - 17:29 | |
| CVE-2017-15138 | 4.0 |
The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens.
|
09-10-2019 - 23:24 | 13-08-2018 - 17:29 | |
| CVE-2019-0231 | 5.0 |
Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.
|
08-10-2019 - 17:47 | 01-10-2019 - 20:15 | |
| CVE-2017-1000095 | 4.0 |
The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, String, Object); DefaultGroovyMethods.getAt(Object, String). These allowed circumventing many of the access restrictions implemented in the script sandbox
|
03-10-2019 - 00:03 | 05-10-2017 - 01:29 | |
| CVE-2018-1000169 | 5.0 |
An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker
|
31-07-2019 - 03:15 | 16-04-2018 - 09:58 | |
| CVE-2017-17718 | 4.3 |
The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.
|
05-01-2018 - 18:12 | 17-12-2017 - 21:29 |