Vulnerabilities > Redhat > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-03 | CVE-2020-14318 | A flaw was found in the way samba handled file and directory permissions. | 4.3 |
| 2020-12-02 | CVE-2020-14369 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Cloudforms This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. | 6.3 |
| 2020-12-02 | CVE-2020-27816 | Open Redirect vulnerability in multiple products The elasticsearch-operator does not validate the namespace where kibana logging resource is created and due to that it is possible to replace the original openshift-logging console link (kibana console) to different one, created based on the new CR for the new kibana resource. | 6.1 |
| 2020-12-02 | CVE-2020-25656 | A flaw was found in the Linux kernel. | 4.1 |
| 2020-12-02 | CVE-2020-14383 | A flaw was found in samba's DNS server. | 6.5 |
| 2020-11-24 | CVE-2020-25640 | Information Exposure Through Log Files vulnerability in Redhat Wildfly A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file. | 5.3 |
| 2020-11-24 | CVE-2020-10763 | Information Exposure Through Log Files vulnerability in multiple products An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. | 5.5 |
| 2020-11-24 | CVE-2020-10762 | Information Exposure Through Log Files vulnerability in Redhat Gluster-Block An information-disclosure flaw was found in the way that gluster-block before 0.5.1 logs the output from gluster-block CLI operations. | 5.5 |
| 2020-11-17 | CVE-2020-10776 | Cross-site Scripting vulnerability in Redhat Keycloak A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. | 4.8 |
| 2020-11-12 | CVE-2020-25658 | It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. | 5.9 |