|
210181
|
9.8 |
CRITICAL
Network
|
sangoma
|
restapps
|
The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command.
|
CWE-77
Command Injection
|
CVE-2020-10666
|
2024-11-21 13:55 |
2021-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210182
|
5.5 |
MEDIUM
Local
|
redhat
debian
|
ansible_engine
debian_linux
|
A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since …
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2020-10729
|
2024-11-21 13:55 |
2021-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210183
|
6.5 |
MEDIUM
Network
|
redhat
theforeman
|
satellite_capsule
satellite
foreman_ansible
|
A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view. This flaw allows a malicious Satellite user to scan through the Job Invoc…
|
NVD-CWE-Other
|
CVE-2020-10716
|
2024-11-21 13:55 |
2021-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210184
|
7.1 |
HIGH
Local
|
redhat
|
ansible_tower
|
A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. Ansible Tower uses the token to provide authentication. This flaw allows an attacker to obtain a…
|
CWE-287
CWE-613
Improper Authentication
Insufficient Session Expiration
|
CVE-2020-10709
|
2024-11-21 13:55 |
2021-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210185
|
6.5 |
MEDIUM
Network
|
redhat
|
libvirt
|
A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for th…
|
-
|
CVE-2020-10701
|
2024-11-21 13:55 |
2021-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210186
|
3.3 |
LOW
Local
|
redhat
|
ansible_tower
|
A flaw was found in Ansible Tower when running jobs. This flaw allows an attacker to access the stdout of the executed jobs which are run from other organizations. Some sensible data can be disclosed…
|
NVD-CWE-Other
|
CVE-2020-10698
|
2024-11-21 13:55 |
2021-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210187
|
4.4 |
MEDIUM
Local
|
redhat
|
ansible_tower
|
A flaw was found in Ansible Tower when running Openshift. Tower runs a memcached, which is accessed via TCP. An attacker can take advantage of writing a playbook polluting this cache, causing a denia…
|
NVD-CWE-Other
|
CVE-2020-10697
|
2024-11-21 13:55 |
2021-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210188
|
6.1 |
MEDIUM
Network
|
redhat
|
jboss_enterprise_application_platform
openshift_application_runtimes
resteasy
fuse
|
A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs.…
|
-
|
CVE-2020-10688
|
2024-11-21 13:55 |
2021-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210189
|
7.8 |
HIGH
Local
|
redhat
|
single_sign-on
|
An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. An attacker with access to the container can use this flaw to modify the /etc/passwd and escalate their …
|
-
|
CVE-2020-10695
|
2024-11-21 13:55 |
2021-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210190
|
7.5 |
HIGH
Network
|
invigo
|
automatic_device_management
|
A directory traversal on the /admin/search_by.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to read arbitrary server files accessible to the user running …
|
CWE-22
Path Traversal
|
CVE-2020-10584
|
2024-11-21 13:55 |
2021-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
