Vulnerabilities > Redhat > Openshift Container Platform > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-02 | CVE-2020-27816 | Open Redirect vulnerability in multiple products: The elasticsearch-operator does not validate the namespace where the kibana logging resource is created, so it is possible to replace the original openshift-logging console link (kibana console) with a different one, created based on the new CR for the new kibana resource. | 6.1 |
2020-11-24 | CVE-2020-10763 | Information Exposure Through Log Files vulnerability in multiple products: An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. | 5.5 |
2020-09-23 | CVE-2020-14370 | Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products: An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. | 5.3 |
2020-07-29 | CVE-2020-15707 | Integer Overflow or Wraparound vulnerability in multiple products: Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. | 6.4 |
2020-07-29 | CVE-2020-15706 | Use After Free vulnerability in multiple products: GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. | 6.4 |
2020-07-29 | CVE-2020-15705 | Improper Verification of Cryptographic Signature vulnerability in multiple products: GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. | 6.4 |
2020-06-03 | CVE-2020-10749 | A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. | 6.0 |
2020-05-12 | CVE-2020-10706 | Unspecified vulnerability in Redhat Openshift Container Platform: A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. | 6.6 |
2020-04-24 | CVE-2020-1741 | Unspecified vulnerability in Redhat Openshift Container Platform 3.11: A flaw was found in openshift-ansible. | 5.9 |
2020-04-23 | CVE-2020-1760 | Cross-site Scripting vulnerability in multiple products: A flaw was found in the Ceph Object Gateway, where it supports requests sent by an anonymous user in Amazon S3. | 6.1 |