|
213771
|
9.8 |
CRITICAL
Network
|
rconfig
|
rconfig
|
rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, gr…
|
CWE-89
SQL Injection
|
CVE-2020-10549
|
2024-11-21 13:55 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213772
|
9.8 |
CRITICAL
Network
|
rconfig
|
rconfig
|
rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, gra…
|
CWE-89
SQL Injection
|
CVE-2020-10548
|
2024-11-21 13:55 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213773
|
9.8 |
CRITICAL
Network
|
rconfig
|
rconfig
|
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to late…
|
CWE-89
SQL Injection
|
CVE-2020-10547
|
2024-11-21 13:55 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213774
|
9.8 |
CRITICAL
Network
|
rconfig
|
rconfig
|
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral mo…
|
CWE-89
SQL Injection
|
CVE-2020-10546
|
2024-11-21 13:55 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213775
|
6.0 |
MEDIUM
Network
|
linuxfoundation
redhat
fedoraproject
|
cni_network_plugins
enterprise_linux
fedora
openshift_container_platform
|
A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A m…
|
NVD-CWE-Other
|
CVE-2020-10749
|
2024-11-21 13:55 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213776
|
9.8 |
CRITICAL
Network
|
github
|
github
|
An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories wi…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2020-10516
|
2024-11-21 13:55 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213777
|
7.5 |
HIGH
Network
|
istio
|
istio
|
Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the following vulnerability when telemetry v2 is enabled: by sending a specially crafted packet, an attacker could trigger a Null Pointer…
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-10739
|
2024-11-21 13:55 |
2020-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213778
|
6.5 |
MEDIUM
Network
|
redhat
|
libvirt
|
A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more de…
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-10703
|
2024-11-21 13:55 |
2020-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213779
|
6.3 |
MEDIUM
Local
|
redhat
|
oddjob
|
A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into …
|
CWE-362
Race Condition
|
CVE-2020-10737
|
2024-11-21 13:55 |
2020-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213780
|
6.5 |
MEDIUM
Network
|
redhat
netapp
|
undertow
oncommand_insight
single_sign-on
jboss_enterprise_application_platform
openshift_application_runtimes
fuse
oncommand_workflow_automation
active_iq_unified_manager
|
A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request s…
|
CWE-444
HTTP Request Smuggling
|
CVE-2020-10719
|
2024-11-21 13:55 |
2020-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
