|
210691
|
3.3 |
LOW
Local
|
redhat
|
ansible_tower
|
A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data can be exposed from the /api/v2/labels/ endpoint. This flaw allows users from other organizations in the…
|
-
|
CVE-2020-14329
|
2024-11-21 14:03 |
2021-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210692
|
3.3 |
LOW
Local
|
redhat
|
ansible_tower
|
A flaw was found in Ansible Tower in versions before 3.7.2. A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server processing it connecting to internal ser…
|
-
|
CVE-2020-14328
|
2024-11-21 14:03 |
2021-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210693
|
5.5 |
MEDIUM
Local
|
redhat
|
ansible_tower
|
A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and before 3.7.2. Functionality on the Tower server is abused by supplying a URL that could lead to the s…
|
-
|
CVE-2020-14327
|
2024-11-21 14:03 |
2021-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210694
|
3.3 |
LOW
Local
|
c-ares
fedoraproject
|
c-ares
fedora
|
A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service t…
|
CWE-415
CWE-416
Double Free
Use After Free
|
CVE-2020-14354
|
2024-11-21 14:03 |
2021-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210695
|
10.0 |
CRITICAL
Network
|
rockwellautomation
|
factorytalk_services_platform
|
In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm with FactoryTalk Services Platform that p…
|
-
|
CVE-2020-14516
|
2024-11-21 14:03 |
2021-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210696
|
7.5 |
HIGH
Local
|
gnu
redhat
fedoraproject
netapp
|
grub2
enterprise_linux_server_aus
enterprise_linux_workstation
enterprise_linux
enterprise_linux_server_tus
enterprise_linux_server_eus
fedora
cloud_backup
ontap_select_deploy…
|
A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to cra…
|
-
|
CVE-2020-14372
|
2024-11-21 14:03 |
2021-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210697
|
7.3 |
HIGH
Network
|
redhat
|
louketo_proxy
|
A vulnerability was found in all versions of Keycloak Gatekeeper, where on using lower case HTTP headers (via cURL) an attacker can bypass our Gatekeeper. Lower case headers are also accepted by some…
|
-
|
CVE-2020-14359
|
2024-11-21 14:03 |
2021-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210698
|
9.8 |
CRITICAL
Network
|
pyyaml
oracle
|
pyyaml
communications_cloud_native_core_network_function_cloud_native_environment
|
A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or…
|
CWE-20
Improper Input Validation
|
CVE-2020-14343
|
2024-11-21 14:03 |
2021-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210699
|
5.5 |
MEDIUM
Local
|
gnome
|
control_center
|
A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through t…
|
-
|
CVE-2020-14391
|
2024-11-21 14:03 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210700
|
7.0 |
HIGH
Local
|
morphisec
madshi
cisco
|
unified_threat_prevention_platform
madcodehook
advanced_malware_protection
|
A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that allows local attackers to elevate their privileges to SYSTEM. This occurs because path redirection can occur via vectors involving …
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2020-14418
|
2024-11-21 14:03 |
2021-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
