Vulnerabilities > Redhat > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-11 | CVE-2020-14313 | Unspecified vulnerability in Redhat Quay An information disclosure vulnerability was found in Red Hat Quay in versions before 3.3.1. | 4.3 |
| 2020-08-11 | CVE-2020-10780 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Redhat Cloudforms Management Engine 4.7/5.0 Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. | 6.3 |
| 2020-08-11 | CVE-2020-10779 | Authorization Bypass Through User-Controlled Key vulnerability in Redhat Cloudforms 4.7/5.0.0 Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. | 6.5 |
| 2020-08-11 | CVE-2020-10778 | Incorrect Resource Transfer Between Spheres vulnerability in Redhat Cloudforms 4.7/5.0.0 In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. | 6.0 |
| 2020-08-11 | CVE-2020-10777 | Cross-site Scripting vulnerability in Redhat Cloudforms 4.7/5.0.0 A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. | 5.4 |
| 2020-08-06 | CVE-2020-15136 | Missing Authentication for Critical Function vulnerability in multiple products In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. | 6.5 |
| 2020-08-03 | CVE-2020-14319 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Enmasse It was found that the AMQ Online console is vulnerable to a Cross-Site Request Forgery (CSRF) which is exploitable in cases where preflight checks are not instigated or bypassed. | 5.9 |
| 2020-07-31 | CVE-2020-14311 | There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. | 6.0 |
| 2020-07-31 | CVE-2020-14310 | Integer Overflow or Wraparound vulnerability in multiple products There is an issue on grub2 before version 2.06 at function read_section_as_string(). | 6.0 |
| 2020-07-31 | CVE-2020-14337 | Information Exposure Through an Error Message vulnerability in Redhat Ansible Tower 3.0.0 A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. | 5.8 |