Lucene search

K

9 matches found

CVE
CVE
added 2021/12/16 7:15 p.m.254 views

CVE-2021-42550

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.

8.5CVSS7AI score0.03447EPSS
CVE
CVE
added 2021/12/08 12:15 a.m.161 views

CVE-2021-44420

In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.

7.5CVSS7.1AI score0.00102EPSS
CVE
CVE
added 2021/06/02 1:15 p.m.96 views

CVE-2020-14380

An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source (SSO or Open ID) can claim the privileges of already existing local users of Satellite.

7.5CVSS7.4AI score0.00248EPSS
CVE
CVE
added 2021/04/08 11:15 p.m.92 views

CVE-2021-3413

A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. A credential leak was identified which will expose Azure Resource Manager's secret key through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity ...

6.5CVSS6.3AI score0.00217EPSS
CVE
CVE
added 2021/05/27 7:15 p.m.71 views

CVE-2020-10716

A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view. This flaw allows a malicious Satellite user to scan through the Job Invocation, with the ability to search for passwords and other sensitive data. This flaw affects tfm-ruby...

6.5CVSS6.3AI score0.00215EPSS
CVE
CVE
added 2021/12/23 8:15 p.m.68 views

CVE-2021-3584

A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of ...

9CVSS7.5AI score0.00725EPSS
CVE
CVE
added 2021/02/23 11:15 p.m.66 views

CVE-2021-20256

A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

5.3CVSS5.4AI score0.00043EPSS
CVE
CVE
added 2021/06/02 12:15 p.m.55 views

CVE-2020-14335

A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from the network. The highest threat from this vulnerability is to system availability.

5.5CVSS5.7AI score0.00043EPSS
CVE
CVE
added 2021/06/02 1:15 p.m.45 views

CVE-2020-14371

A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are running on these resources in Satellite.

6.5CVSS6.4AI score0.00274EPSS