Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openshift_container_platform
(Redhat)| Repositories |
• https://github.com/FasterXML/jackson-databind
• https://github.com/torvalds/linux • https://github.com/Perl/perl5 • https://github.com/evanphx/json-patch • https://github.com/ansible/ansible |
| #Vulnerabilities | 243 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-07-19 | CVE-2019-1010238 | Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize. | Ubuntu_linux, Debian_linux, Fedora, Pango, Sd\-Wan_edge, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openshift_container_platform | 9.8 | ||
| 2019-07-29 | CVE-2019-14379 | SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. | Xcode, Debian_linux, Jackson\-Databind, Fedora, Active_iq_unified_manager, Oncommand_workflow_automation, Service_level_manager, Snapcenter, Banking_platform, Communications_diameter_signaling_router, Communications_instant_messaging_server, Financial_services_analytical_applications_infrastructure, Goldengate_stream_analytics, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Primavera_gateway, Primavera_unifier, Retail_customer_management_and_segmentation_foundation, Retail_xstore_point_of_service, Siebel_engineering_\-_installer_\&_deployment, Siebel_ui_framework, Jboss_enterprise_application_platform, Openshift_container_platform, Single_sign\-On | 9.8 | ||
| 2019-09-03 | CVE-2019-14811 | A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. | Ghostscript, Debian_linux, Fedora, Leap, Openshift_container_platform | 7.8 | ||
| 2019-09-03 | CVE-2019-14817 | A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. | Ghostscript, Debian_linux, Fedora, Leap, Openshift_container_platform | 7.8 | ||
| 2019-09-04 | CVE-2019-15718 | In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings. | Fedora, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems_8_s390x, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_ibm_z_systems_eus_s390x, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_server_aus, Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Openshift_container_platform, Systemd | 4.4 | ||
| 2019-09-06 | CVE-2019-14813 | A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. | Ghostscript, Debian_linux, Fedora, Leap, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openshift_container_platform | 9.8 | ||
| 2019-09-25 | CVE-2019-16884 | runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. | Ubuntu_linux, Docker, Fedora, Runc, Leap, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Openshift_container_platform | 7.5 | ||
| 2019-09-30 | CVE-2019-16276 | Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. | Debian_linux, Fedora, Go, Cloud_insights_telegraf_agent, Leap, Developer_tools, Enterprise_linux, Enterprise_linux_eus, Openshift_container_platform | 7.5 | ||
| 2019-10-17 | CVE-2019-11253 | Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more... | Kubernetes, Openshift_container_platform | 7.5 | ||
| 2019-10-17 | CVE-2019-14287 | In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command. | Ubuntu_linux, Debian_linux, Fedora, Element_software_management_node, Leap, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openshift_container_platform, Virtualization, Sudo | 8.8 |