Vulnerabilities > Redhat > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-02 | CVE-2020-14383 | A flaw was found in Samba's DNS server. | 6.5 |
2020-11-24 | CVE-2020-25640 | Information Exposure Through Log Files vulnerability in Redhat Wildfly. A flaw was discovered in WildFly before 21.0.0.Final where the resource adapter logs the plain-text JMS password at warning level on connection error, inserting sensitive information in the log file. | 5.3 |
2020-11-24 | CVE-2020-10763 | Information Exposure Through Log Files vulnerability in multiple products. An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. | 5.5 |
2020-11-24 | CVE-2020-10762 | Information Exposure Through Log Files vulnerability in Redhat Gluster-Block. An information-disclosure flaw was found in the way that gluster-block before 0.5.1 logs the output from gluster-block CLI operations. | 5.5 |
2020-11-17 | CVE-2020-10776 | Cross-site Scripting vulnerability in Redhat Keycloak. A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. | 4.8 |
2020-11-12 | CVE-2020-25658 | Covert Timing Channel vulnerability in multiple products. It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. | 5.9 |
2020-11-09 | CVE-2020-25655 | Incorrect Authorization vulnerability in Redhat Advanced Cluster Management for Kubernetes 2.0. An issue was discovered in the ManagedClusterView API that could allow secrets to be disclosed to users without the correct permissions. | 6.5 |
2020-11-05 | CVE-2020-25662 | Improper Initialization vulnerability in Redhat Enterprise Linux 8.3. A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of stack memory when handling certain AMP packets. | 6.5 |
2020-11-02 | CVE-2020-25689 | Memory Leak vulnerability in multiple products. A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. | 6.5 |
2020-10-16 | CVE-2020-14299 | Improper Authentication vulnerability in Redhat products. A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. | 6.5 |