|
199151
|
7.5 |
HIGH
Network
|
elastic
|
elastic_cloud_on_kubernetes
|
Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deplo…
|
CWE-335
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
|
CVE-2020-7010
|
2024-11-21 14:36 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199152
|
7.2 |
HIGH
Network
|
arubanetworks
|
clearpass_policy_manager
|
The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then …
|
NVD-CWE-noinfo
|
CVE-2020-7117
|
2024-11-21 14:36 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199153
|
7.2 |
HIGH
Network
|
arubanetworks
|
clearpass_policy_manager
|
The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then …
|
NVD-CWE-noinfo
|
CVE-2020-7116
|
2024-11-21 14:36 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199154
|
9.8 |
CRITICAL
Network
|
arubanetworks
|
clearpass_policy_manager
|
The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an attacker could then execute an exploit that would allow to rem…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-7115
|
2024-11-21 14:36 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199155
|
6.5 |
MEDIUM
Adjacent
|
zte
|
f680_firmware
|
There is an input validation vulnerability in a PON terminal product of ZTE, which supports the creation of WAN connections through WEB management pages. The front-end limits the length of the WAN co…
|
CWE-20
Improper Input Validation
|
CVE-2020-6868
|
2024-11-21 14:36 |
2020-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199156
|
7.5 |
HIGH
Network
|
mulesoft
|
mule_runtime
|
A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.
|
NVD-CWE-noinfo
|
CVE-2020-6937
|
2024-11-21 14:36 |
2020-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199157
|
8.8 |
HIGH
Local
|
bosch
|
recording_station_firmware
|
Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-6774
|
2024-11-21 14:36 |
2020-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199158
|
9.8 |
CRITICAL
Network
|
mozilla
canonical
debian
opensuse
|
thunderbird
firefox
firefox_esr
ubuntu_linux
debian_linux
leap
|
A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR <…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-6831
|
2024-11-21 14:36 |
2020-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199159
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
|
For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token was being used for JS-to-native also, but it isn't need…
|
CWE-200
Information Exposure
|
CVE-2020-6830
|
2024-11-21 14:36 |
2020-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199160
|
8.1 |
HIGH
Network
|
hpe
|
nimbleos
|
Potential remote access security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to access and modify sensitive information on the system. …
|
NVD-CWE-noinfo
|
CVE-2020-7139
|
2024-11-21 14:36 |
2020-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
