|
210711
|
9.8 |
CRITICAL
Network
|
emerson
|
openenterprise_scada_server
|
Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a specific communication service.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-10640
|
2024-11-21 13:55 |
2022-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210712
|
7.5 |
HIGH
Network
|
emerson
|
openenterprise_scada_server
|
Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained.
|
CWE-326
Inadequate Encryption Strength
|
CVE-2020-10636
|
2024-11-21 13:55 |
2022-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210713
|
4.3 |
MEDIUM
Network
|
kuka
|
sim_pro
|
Simulation models for KUKA.Sim Pro version 3.1 are hosted by a server maintained by KUKA. When these devices request a model, the server transmits the model in plaintext.
|
CWE-924
Improper Enforcement of Message Integrity During Transmission in a Communication Channel
|
CVE-2020-10635
|
2024-11-21 13:55 |
2022-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210714
|
5.3 |
MEDIUM
Network
|
emerson
|
openenterprise_scada_server
|
Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an u…
|
NVD-CWE-Other
|
CVE-2020-10632
|
2024-11-21 13:55 |
2022-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210715
|
8.1 |
HIGH
Adjacent
|
insulet
|
omnipod_insulin_management_system_firmware
|
Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wi…
|
NVD-CWE-Other
|
CVE-2020-10627
|
2024-11-21 13:55 |
2021-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210716
|
7.5 |
HIGH
Network
|
replicated
|
replicated_classic
|
Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (…
|
NVD-CWE-noinfo
|
CVE-2020-10590
|
2024-11-21 13:55 |
2021-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210717
|
4.3 |
MEDIUM
Network
|
elastic
redhat
|
kibana
openshift_container_platform
|
It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker t…
|
-
|
CVE-2020-10743
|
2024-11-21 13:55 |
2021-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210718
|
6.0 |
MEDIUM
Local
|
linux
redhat
|
linux_kernel
enterprise_linux
|
A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmallo…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-10742
|
2024-11-21 13:55 |
2021-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210719
|
9.8 |
CRITICAL
Network
|
sangoma
|
restapps
|
The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command.
|
CWE-77
Command Injection
|
CVE-2020-10666
|
2024-11-21 13:55 |
2021-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210720
|
5.5 |
MEDIUM
Local
|
redhat
debian
|
ansible_engine
debian_linux
|
A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since …
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2020-10729
|
2024-11-21 13:55 |
2021-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
