Vulnerabilities > Redhat > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-31 | CVE-2020-14364 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. | 5.0 |
| 2020-08-24 | CVE-2020-10775 | Open Redirect vulnerability in multiple products An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. | 5.3 |
| 2020-08-11 | CVE-2020-14313 | Unspecified vulnerability in Redhat Quay An information disclosure vulnerability was found in Red Hat Quay in versions before 3.3.1. | 4.3 |
| 2020-08-11 | CVE-2020-10780 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Redhat Cloudforms Management Engine 4.7/5.0 Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. | 6.3 |
| 2020-08-11 | CVE-2020-10779 | Authorization Bypass Through User-Controlled Key vulnerability in Redhat Cloudforms 4.7/5.0.0 Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. | 6.5 |
| 2020-08-11 | CVE-2020-10778 | Incorrect Resource Transfer Between Spheres vulnerability in Redhat Cloudforms 4.7/5.0.0 In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. | 6.0 |
| 2020-08-11 | CVE-2020-10777 | Cross-site Scripting vulnerability in Redhat Cloudforms 4.7/5.0.0 A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. | 5.4 |
| 2020-08-06 | CVE-2020-15136 | Missing Authentication for Critical Function vulnerability in multiple products In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. | 6.5 |
| 2020-08-03 | CVE-2020-14319 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Enmasse It was found that the AMQ Online console is vulnerable to a Cross-Site Request Forgery (CSRF) which is exploitable in cases where preflight checks are not instigated or bypassed. | 5.9 |
| 2020-07-31 | CVE-2020-14311 | Heap-based Buffer Overflow vulnerability in multiple products There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. | 6.0 |