Skip to main content

Openshift Container Platform

223 CVEs product

Monthly

CVE-2019-1003011 Maven HIGH PATCH This Week

An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Denial Of Service Jenkins Information Disclosure Token Macro +1
NVD
CVSS 3.1
8.1
EPSS
2.0%
CVE-2019-1003010 Maven MEDIUM PATCH This Month

A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins CSRF Git Openshift Container Platform
NVD
CVSS 3.0
4.3
EPSS
1.1%
CVE-2019-3818 HIGH PATCH This Week

The kube-rbac-proxy container before version 0.4.1 as used in Red Hat OpenShift Container Platform does not honor TLS configurations, allowing for use of insecure ciphers and TLS 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Red Hat Kube Rbac Proxy Openshift Container Platform
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2019-3815 LOW Monitor

A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Red Hat Openshift Container Platform Enterprise Linux Desktop Enterprise Linux Server +4
NVD
CVSS 3.1
3.3
EPSS
0.4%
CVE-2019-1003004 Maven HIGH PATCH This Week

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Openshift Container Platform
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2019-1003003 Maven HIGH PATCH This Week

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Openshift Container Platform
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2019-1003002 Maven HIGH POC PATCH THREAT Act Now

A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Jenkins RCE Pipeline Openshift Container Platform
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
81.6%
CVE-2019-1003001 Maven HIGH POC PATCH THREAT Act Now

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins RCE Pipeline Openshift Container Platform
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
86.2%
CVE-2019-1003000 Maven HIGH POC PATCH THREAT Act Now

A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins RCE Script Security Openshift Container Platform
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
98.4%
CVE-2019-0542 npm HIGH PATCH This Week

A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Xterm Js Openshift Container Platform
NVD GitHub
CVSS 3.1
8.8
EPSS
3.2%
CVE-2018-17246 CRITICAL POC THREAT Act Now

Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic RCE Kibana Openshift Container Platform
NVD
CVSS 3.0
9.8
EPSS
82.3%
CVE-2018-20103 HIGH This Week

An issue was discovered in dns.c in HAProxy through 1.8.14. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Haproxy Ubuntu Linux Openshift Container Platform
NVD
CVSS 3.0
7.5
EPSS
6.6%
CVE-2018-20102 HIGH This Week

An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Haproxy Ubuntu Linux Openshift Container Platform
NVD
CVSS 3.0
7.5
EPSS
4.3%
CVE-2018-18397 MEDIUM POC PATCH This Month

The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Linux Linux Kernel Openshift Container Platform Virtualization Host +7
NVD GitHub
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-1000866 Maven HIGH PATCH This Week

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Privilege Escalation Jenkins RCE Pipeline +1
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-1000865 Maven HIGH PATCH This Week

A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Privilege Escalation Jenkins RCE Script Security +1
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-1000864 Maven MEDIUM PATCH This Month

A denial of service vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Denial Of Service Openshift Container Platform
NVD
CVSS 3.0
6.5
EPSS
2.8%
CVE-2018-1000863 Maven HIGH POC PATCH This Week

A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins Path Traversal Openshift Container Platform
NVD
CVSS 3.0
8.2
EPSS
6.8%
CVE-2018-1000862 Maven MEDIUM PATCH This Month

An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Openshift Container Platform
NVD
CVSS 3.0
4.3
EPSS
1.4%
CVE-2018-1000861 Maven CRITICAL POC KEV PATCH THREAT Act Now

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins Deserialization RCE Openshift Container Platform
NVD GitHub
CVSS 3.1
9.8
EPSS
98.5%
CVE-2018-18311 CRITICAL PATCH Act Now

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Perl Ubuntu Linux Debian Linux +15
NVD GitHub
CVSS 3.0
9.8
EPSS
11.7%
CVE-2018-1002105 Go CRITICAL POC PATCH THREAT Act Now

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Kubernetes Openshift Container Platform Trident
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
87.0%
CVE-2018-19477 HIGH POC PATCH This Week

psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Ghostscript Debian Linux Ubuntu Linux Openshift Container Platform +6
NVD
CVSS 3.0
7.8
EPSS
3.0%
CVE-2018-19476 HIGH POC PATCH This Week

psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Ghostscript Debian Linux Ubuntu Linux Openshift Container Platform +6
NVD
CVSS 3.0
7.8
EPSS
3.0%
CVE-2018-19475 HIGH POC PATCH This Week

psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Ghostscript Debian Linux Ubuntu Linux Openshift Container Platform +6
NVD
CVSS 3.0
7.8
EPSS
9.5%
CVE-2018-18559 HIGH POC This Week

In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Linux Linux Kernel Openshift Container Platform +7
NVD
CVSS 3.1
8.1
EPSS
2.6%
CVE-2018-14645 HIGH This Week

A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Haproxy Ubuntu Linux +3
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2018-3830 MEDIUM This Month

Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic XSS Kibana Openshift Container Platform
NVD
CVSS 3.1
6.1
EPSS
1.9%
CVE-2018-10937 MEDIUM POC PATCH This Month

A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kubernetes Openshift Container Platform
NVD GitHub
CVSS 3.0
5.4
EPSS
1.1%
CVE-2018-14632 Go HIGH PATCH This Week

An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Denial Of Service Buffer Overflow Openshift Container Platform Json Patch
NVD GitHub
CVSS 3.1
7.7
EPSS
2.0%
CVE-2018-16540 HIGH PATCH This Week

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Ghostscript Openshift Container Platform +9
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-12115 HIGH This Week

In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()`. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Node.js Node Js Openshift Container Platform
NVD
CVSS 3.0
7.5
EPSS
8.0%
CVE-2018-13988 MEDIUM PATCH This Month

Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow Poppler Ubuntu Linux +6
NVD
CVSS 3.0
6.5
EPSS
3.1%
CVE-2018-12910 CRITICAL PATCH Act Now

The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Libsoup Ubuntu Linux Debian Linux +6
NVD
CVSS 3.0
9.8
EPSS
4.2%
CVE-2018-10843 HIGH This Week

source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Openshift Container Platform
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-13033 MEDIUM POC This Month

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Binutils Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation +1
NVD
CVSS 3.0
5.5
EPSS
3.1%
CVE-2018-1085 CRITICAL Act Now

openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openshift Container Platform
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-1070 HIGH This Week

routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Openshift Container Platform
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-10237 Maven MEDIUM PATCH This Month

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Google Java Denial Of Service Guava Openshift Container Platform +15
NVD
CVSS 3.1
5.9
EPSS
5.1%
CVE-2018-5968 Maven HIGH PATCH This Week

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Deserialization Jackson Databind Debian Linux Openshift Container Platform +6
NVD GitHub
CVSS 3.1
8.1
EPSS
7.0%
CVE-2015-8103 Maven CRITICAL POC PATCH THREAT Act Now

The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 90.4%.

Deserialization RCE Jenkins Java Openshift Container Platform
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
90.4%
Threat
6.2
CVE-2026-4408 CRITICAL Act Now

Command injection in Samba (CWE-78) carries a critical CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) and is fixed in Alpine Linux package samba 4.23.8-r0, with Red Hat shipping errata RHSA-2026:22644, 22963, 25049, and 25979 for Enterprise Linux 6/7/9 and OpenShift Container Platform 4.0. The flaw allows remote attackers to inject operating-system commands against vulnerable Samba deployments, yielding full confidentiality, integrity, and availability impact. EPSS is modest at 0.23% (46th percentile) and no public exploit identified at time of analysis, but the unauthenticated network attack surface of Samba makes urgent patching warranted.

Command Injection Openshift Container Platform Samba Enterprise Linux
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-9675 Go MEDIUM PATCH This Month

Alpine Linux: buildah fixed in 1.37.5-r0

Path Traversal Buildah Openshift Container Platform Enterprise Linux Enterprise Linux Eus +10
NVD
CVSS 3.1
4.4
EPSS
0.1%
EPSS 2% CVSS 8.1
HIGH PATCH This Week

An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Denial Of Service Jenkins +3
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins CSRF +2
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The kube-rbac-proxy container before version 0.4.1 as used in Red Hat OpenShift Container Platform does not honor TLS configurations, allowing for use of insecure ciphers and TLS 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Red Hat Kube Rbac Proxy +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Red Hat Openshift Container Platform +6
NVD
EPSS 2% CVSS 7.2
HIGH PATCH This Week

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 2% CVSS 7.2
HIGH PATCH This Week

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 82% CVSS 8.8
HIGH POC PATCH THREAT Act Now

A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Jenkins RCE Pipeline +1
NVD Exploit-DB
EPSS 86% CVSS 8.8
HIGH POC PATCH THREAT Act Now

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins RCE +2
NVD Exploit-DB
EPSS 98% CVSS 8.8
HIGH POC PATCH THREAT Act Now

A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins RCE +2
NVD Exploit-DB
EPSS 3% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Xterm Js +1
NVD GitHub
EPSS 82% CVSS 9.8
CRITICAL POC THREAT Act Now

Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic RCE Kibana +1
NVD
EPSS 7% CVSS 7.5
HIGH This Week

An issue was discovered in dns.c in HAProxy through 1.8.14. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Haproxy Ubuntu Linux +1
NVD
EPSS 4% CVSS 7.5
HIGH This Week

An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Haproxy +2
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Linux Linux Kernel +9
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Privilege Escalation Jenkins +3
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Privilege Escalation Jenkins +3
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

A denial of service vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Denial Of Service +1
NVD
EPSS 7% CVSS 8.2
HIGH POC PATCH This Week

A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins Path Traversal +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 98% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins Deserialization +2
NVD GitHub
EPSS 12% CVSS 9.8
CRITICAL PATCH Act Now

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Perl +17
NVD GitHub
EPSS 87% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Kubernetes Openshift Container Platform +1
NVD GitHub Exploit-DB
EPSS 3% CVSS 7.8
HIGH POC PATCH This Week

psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Ghostscript Debian Linux +8
NVD
EPSS 3% CVSS 7.8
HIGH POC PATCH This Week

psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Ghostscript Debian Linux +8
NVD
EPSS 10% CVSS 7.8
HIGH POC PATCH This Week

psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Ghostscript Debian Linux +8
NVD
EPSS 3% CVSS 8.1
HIGH POC This Week

In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Linux +9
NVD
EPSS 3% CVSS 7.5
HIGH This Week

A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow +5
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic XSS Kibana +1
NVD
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kubernetes Openshift Container Platform
NVD GitHub
EPSS 2% CVSS 7.7
HIGH PATCH This Week

An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 2% CVSS 7.8
HIGH PATCH This Week

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free +11
NVD
EPSS 8% CVSS 7.5
HIGH This Week

In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()`. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Node.js +2
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow +8
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Libsoup +8
NVD
EPSS 1% CVSS 8.8
HIGH This Week

source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Openshift Container Platform
NVD
EPSS 3% CVSS 5.5
MEDIUM POC This Month

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Binutils Enterprise Linux Desktop +3
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openshift Container Platform
NVD
EPSS 1% CVSS 7.5
HIGH This Week

routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Openshift Container Platform
NVD
EPSS 5% CVSS 5.9
MEDIUM PATCH This Month

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Google Java Denial Of Service +17
NVD
EPSS 7% CVSS 8.1
HIGH PATCH This Week

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Deserialization Jackson Databind +8
NVD GitHub
EPSS 90% 6.2 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 90.4%.

Deserialization RCE Jenkins +2
NVD Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Command injection in Samba (CWE-78) carries a critical CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) and is fixed in Alpine Linux package samba 4.23.8-r0, with Red Hat shipping errata RHSA-2026:22644, 22963, 25049, and 25979 for Enterprise Linux 6/7/9 and OpenShift Container Platform 4.0. The flaw allows remote attackers to inject operating-system commands against vulnerable Samba deployments, yielding full confidentiality, integrity, and availability impact. EPSS is modest at 0.23% (46th percentile) and no public exploit identified at time of analysis, but the unauthenticated network attack surface of Samba makes urgent patching warranted.

Command Injection Openshift Container Platform Samba +1
NVD VulDB
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Alpine Linux: buildah fixed in 1.37.5-r0

Path Traversal Buildah Openshift Container Platform +12
NVD
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy