Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-12-15	CVE-2020-27777	A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. local low complexity linux redhat	6.7
2020-12-11	CVE-2020-27825	Race Condition vulnerability in multiple products A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). local high complexity linux redhat debian netapp CWE-362	5.7
2020-12-08	CVE-2020-27822	Unspecified vulnerability in Redhat Wildfly A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. network high complexity redhat	5.9
2020-12-08	CVE-2020-25677	Cleartext Storage of Sensitive Information vulnerability in multiple products A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. local low complexity ceph redhat CWE-312	5.5
2020-12-03	CVE-2020-27783	Cross-site Scripting vulnerability in multiple products A XSS vulnerability was discovered in python-lxml's clean module. network low complexity lxml redhat debian fedoraproject netapp oracle CWE-79	6.1
2020-12-03	CVE-2020-25711	Missing Authorization vulnerability in multiple products A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. network low complexity infinispan redhat netapp CWE-862	6.5
2020-12-03	CVE-2020-14318	Incorrect Privilege Assignment vulnerability in multiple products A flaw was found in the way samba handled file and directory permissions. network low complexity samba redhat CWE-266	4.3
2020-12-02	CVE-2020-14369	Cross-Site Request Forgery (CSRF) vulnerability in Redhat Cloudforms This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. network low complexity redhat CWE-352	6.3
2020-12-02	CVE-2020-27816	Open Redirect vulnerability in multiple products The elasticsearch-operator does not validate the namespace where kibana logging resource is created and due to that it is possible to replace the original openshift-logging console link (kibana console) to different one, created based on the new CR for the new kibana resource. network low complexity elastic redhat CWE-601	6.1
2020-12-02	CVE-2020-25656	Use After Free vulnerability in multiple products A flaw was found in the Linux kernel. local high complexity linux redhat debian starwindsoftware CWE-416	4.1