|
208171
|
9.8 |
CRITICAL
Network
|
grafana saml_project redhat fedoraproject
|
grafana saml openshift_container_platform enterprise_linux openshift_service_mesh fedora
|
A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity,…
|
-
|
CVE-2020-27846
|
2024-11-21 14:21 |
2020-12-22 |
|
208172
|
7.1 |
HIGH
Local
|
redhat fedoraproject
|
ceph ceph_storage openshift_container_platform openstack_platform fedora
|
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An OpenStack Manila user can request access to a share to …
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-27781
|
2024-11-21 14:21 |
2020-12-19 |
|
208173
|
8.8 |
HIGH
Network
|
thingsboard
|
thingsboard
|
ThingsBoard before v3.2 is vulnerable to Host header injection in password-reset emails. This allows an attacker to send malicious links in password-reset emails to victims, pointing to an attacker-c…
|
CWE-20 CWE-74
Improper Input Validation Injection
|
CVE-2020-27687
|
2024-11-21 14:21 |
2020-12-19 |
|
208174
|
8.1 |
HIGH
Adjacent
|
mitel
|
mivoice_6940_firmware mivoice_6930_firmware
|
The Bluetooth handset of Mitel MiVoice 6940 and 6930 MiNet phones with firmware before 1.5.3 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a pho…
|
NVD-CWE-noinfo
|
CVE-2020-27640
|
2024-11-21 14:21 |
2020-12-18 |
|
208175
|
8.1 |
HIGH
Adjacent
|
mitel
|
6873i_sip_firmware 6930_sip_firmware 6940_sip_firmware
|
The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940 SIP phones with firmware before 5.1.0.SP6 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device …
|
NVD-CWE-noinfo
|
CVE-2020-27639
|
2024-11-21 14:21 |
2020-12-18 |
|
208176
|
6.1 |
MEDIUM
Network
|
mitel
|
micollab
|
The online help portal of Mitel MiCollab before 9.2 could allow an attacker to redirect a user to an unauthorized website by executing malicious script due to insufficient access control.
|
NVD-CWE-noinfo
|
CVE-2020-27340
|
2024-11-21 14:21 |
2020-12-18 |
|
208177
|
9.8 |
CRITICAL
Network
|
linux-pam
|
linux-pam
|
A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handles empty passwords for non-existing users. When the user doesn't exist, PAM tries to authenticate with root and in the case of …
|
-
|
CVE-2020-27780
|
2024-11-21 14:21 |
2020-12-18 |
|
208178
|
6.7 |
MEDIUM
Local
|
linux redhat
|
linux_kernel enterprise_linux openshift_container_platform
|
A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors …
|
-
|
CVE-2020-27777
|
2024-11-21 14:21 |
2020-12-16 |
|
208179
|
9.8 |
CRITICAL
Network
|
f5 netapp
|
nginx_controller cloud_backup
|
In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities.
|
CWE-22
Path Traversal
|
CVE-2020-27730
|
2024-11-21 14:21 |
2020-12-12 |
|
208180
|
7.5 |
HIGH
Network
|
f5
|
big-ip_advanced_firewall_manager
|
In certain configurations on version 13.1.3.4, when a BIG-IP AFM HTTP security profile is applied to a virtual server and the BIG-IP system receives a request with specific characteristics, the conne…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2020-27713
|
2024-11-21 14:21 |
2020-12-12 |
|