Max CVSS | 6.5 | Min CVSS | 4.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published |
CVE-2018-1102 | 6.5 | A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation. | 12-02-2023 - 23:32 | 30-04-2018 - 19:29 |
CVE-2017-15137 | 5.0 | The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed. | 12-02-2023 - 23:28 | 16-07-2018 - 20:29 |
CVE-2018-14632 | 4.0 | An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service whi | 07-02-2023 - 22:18 | 06-09-2018 - 14:29 |
CVE-2018-3741 | 4.3 | There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes ca | 30-01-2023 - 16:10 | 30-03-2018 - 19:29 |
CVE-2012-6685 | 5.0 | Nokogiri before 1.5.4 is vulnerable to XXE attacks | 25-02-2020 - 18:35 | 19-02-2020 - 15:15 |
CVE-2018-8048 | 4.3 | In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment. | 22-11-2019 - 09:15 | 27-03-2018 - 17:29 |
CVE-2017-15138 | 4.0 | The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens. | 09-10-2019 - 23:24 | 13-08-2018 - 17:29 |
CVE-2018-1000169 | 5.0 | An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker | 31-07-2019 - 03:15 | 16-04-2018 - 09:58 |
CVE-2018-11627 | 4.3 | Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception. | 26-02-2019 - 15:03 | 31-05-2018 - 19:29 |