Red Hat vulnerabilities rated Medium

DATE        CVE             VULNERABILITY TITLE (description, attack vector, complexity, affected vendors/products, CWE)        RISK (CVSS score)
2021-01-28  CVE-2020-1723   Open Redirect vulnerability in multiple products                                                  6.1
    A flaw was found in Keycloak Gatekeeper (Louketo).
    Attack vector: network | Complexity: low | Affected: redhat, keycloak-gatekeeper-project | CWE-601
2021-01-26  CVE-2020-35513  (no title given)                                                                                  4.9
    A flaw was found in the Linux kernel NFS (network file system) functionality: an incorrect umask is applied during file or directory modification when a user creates and deletes objects using NFSv4.2 or newer while another process that is not using NFSv4.2 simultaneously accesses the NFS share.
    Attack vector: network | Complexity: low | Affected: linux, redhat
2021-01-12  CVE-2020-25657  Covert Timing Channel vulnerability in multiple products                                          5.9
    A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 ciphertext.
    Attack vector: network | Complexity: high | Affected: m2crypto-project, redhat, fedoraproject | CWE-385
2021-01-08  CVE-2020-25678  Cleartext Storage of Sensitive Information vulnerability in multiple products                     4.4
    A flaw was found in ceph in versions prior to 16.y.z, where ceph stores mgr module passwords in clear text.
    Attack vector: local | Complexity: low | Affected: redhat, fedoraproject | CWE-312
2021-01-07  CVE-2020-25680  Improper Certificate Validation vulnerability in Redhat Jboss Core Services Httpd 2.4.37           5.4
    A flaw was found in JBCS httpd version 2.4.37 SP3, where it uses a back-end worker SSL certificate whose keystore file ID is 'unknown'.
    Attack vector: network | Complexity: low | Affected: redhat | CWE-295
2021-01-05  CVE-2020-27842  Out-of-bounds Read vulnerability in multiple products                                             5.5
    There is a flaw in openjpeg's t2 encoder in versions prior to 2.4.0.
    Attack vector: not given | Complexity: not given | Affected: not given
2021-01-04  CVE-2020-35507  NULL Pointer Dereference vulnerability in multiple products                                       5.5
    There is a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34, which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference.
    Attack vector: local | Complexity: low | Affected: gnu, redhat, netapp, broadcom | CWE-476
2020-12-21  CVE-2020-35497  Improper Access Control vulnerability in multiple products                                        6.5
    A flaw was found in ovirt-engine 4.4.3 and earlier, allowing an authenticated user to read other users' personal information, including name, email and public SSH key.
    Attack vector: network | Complexity: low | Affected: ovirt, redhat | CWE-284
2020-12-15  CVE-2020-14302  Authentication Bypass by Capture-replay vulnerability in Redhat Keycloak                          4.9
    A flaw was found in Keycloak before 13.0.0, where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the same "state" parameter.
    Attack vector: network | Complexity: low | Affected: redhat | CWE-294
2020-12-15  CVE-2020-10770  Server-Side Request Forgery (SSRF) vulnerability in Redhat Keycloak                               5.3
    A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out to an unverified URL using the OIDC parameter request_uri.
    Attack vector: network | Complexity: low | Affected: redhat | CWE-918