| 2020-12-21 | CVE-2020-35497 | A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key. | 6.5 |
| 2020-12-21 | CVE-2020-27846 | A signature verification vulnerability exists in crewjam/saml. | 9.8 |
| 2020-12-18 | CVE-2020-27781 | Insufficiently Protected Credentials vulnerability in multiple products
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. | 7.1 |
| 2020-12-15 | CVE-2020-14302 | Authentication Bypass by Capture-replay vulnerability in Redhat Keycloak
A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter. | 4.9 |
| 2020-12-15 | CVE-2020-10770 | Server-Side Request Forgery (SSRF) vulnerability in Redhat Keycloak
A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. | 5.3 |
| 2020-12-15 | CVE-2020-27777 | A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. | 6.7 |
| 2020-12-15 | CVE-2020-25712 | A flaw was found in xorg-x11-server before 1.20.10. | 7.8 |
| 2020-12-11 | CVE-2020-27825 | A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). | 5.7 |
| 2020-12-11 | CVE-2020-27786 | A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. | 7.8 |
| 2020-12-08 | CVE-2020-27822 | Unspecified vulnerability in Redhat Wildfly
A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. network high complexity redhat | 5.9 |