Vulnerabilities > Redhat > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-01-04 CVE-2020-35507 There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference.
local
low complexity
gnu redhat netapp broadcom
5.5
5.5
2020-12-21 CVE-2020-35497 A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key.
network
low complexity
ovirt redhat
6.5
6.5
2020-12-15 CVE-2020-14302 Authentication Bypass by Capture-replay vulnerability in Redhat Keycloak
A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter.
network
low complexity
redhat CWE-294
4.9
4.9
2020-12-15 CVE-2020-10770 Server-Side Request Forgery (SSRF) vulnerability in Redhat Keycloak
A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri.
network
low complexity
redhat CWE-918
5.3
5.3
2020-12-15 CVE-2020-27777 A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication.
local
low complexity
linux redhat
6.7
6.7
2020-12-11 CVE-2020-27825 A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1).
local
high complexity
linux redhat debian netapp
5.7
5.7
2020-12-08 CVE-2020-27822 Unspecified vulnerability in Redhat Wildfly
A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final.
network
high complexity
redhat
5.9
5.9
2020-12-08 CVE-2020-25677 A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions.
local
low complexity
ceph redhat
5.5
5.5
2020-12-03 CVE-2020-27783 A XSS vulnerability was discovered in python-lxml's clean module.
network
low complexity
lxml redhat debian fedoraproject netapp oracle
6.1
6.1
2020-12-03 CVE-2020-25711 Missing Authorization vulnerability in multiple products
A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations.
network
low complexity
infinispan redhat netapp CWE-862
6.5
6.5