Vulnerabilities > Redhat > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-06 | CVE-2020-25743 | NULL Pointer Dereference vulnerability in multiple products hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call. | 2.1 |
| 2020-08-11 | CVE-2020-10777 | Cross-site Scripting vulnerability in Redhat Cloudforms 4.7/5.0.0 A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. | 3.5 |
| 2020-07-13 | CVE-2019-19338 | Information Exposure Through Discrepancy vulnerability in multiple products A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. | 2.1 |
| 2020-04-10 | CVE-2020-11669 | An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. | 2.1 |
| 2020-04-08 | CVE-2020-2732 | Information Exposure vulnerability in Redhat Enterprise Linux 7.0/8.0 A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. | 2.3 |
| 2020-03-16 | CVE-2020-1736 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. | 3.3 |
| 2020-03-16 | CVE-2020-1738 | Argument Injection or Modification vulnerability in Redhat products A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. | 3.9 |
| 2020-03-12 | CVE-2020-1739 | Information Exposure vulnerability in multiple products A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. | 3.9 |
| 2020-02-20 | CVE-2014-4658 | Information Exposure vulnerability in Redhat Ansible The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file. | 2.1 |
| 2020-02-20 | CVE-2014-4659 | Insufficiently Protected Credentials vulnerability in Redhat Ansible Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format. | 2.1 |