|
196791
|
7.8 |
HIGH
Local
|
mcafee
|
virusscan_enterprise
|
Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise (VSE) prior to 8.8 Patch 15 allows local users to cause the deletion and creation of files they wou…
|
CWE-269
Improper Privilege Management
|
CVE-2020-7280
|
2024-11-21 14:36 |
2020-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196792
|
7.8 |
HIGH
Local
|
mcafee
|
host_intrusion_prevention
|
DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System (Host IPS) for Windows prior to 8.0.0 Patch 15 Update allows attackers with local access…
|
CWE-426
Untrusted Search Path
|
CVE-2020-7279
|
2024-11-21 14:36 |
2020-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196793
|
5.4 |
MEDIUM
Network
|
fortinet
|
fortianalyzer
|
An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Descrip…
|
CWE-79
Cross-site Scripting
|
CVE-2020-6640
|
2024-11-21 14:36 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196794
|
5.5 |
MEDIUM
Local
|
avaya
|
ip_office
|
A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affec…
|
CWE-200
Information Exposure
|
CVE-2020-7030
|
2024-11-21 14:36 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196795
|
5.4 |
MEDIUM
Network
|
elastic
|
kibana
|
Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could allow the attacker to obtain sensitiv…
|
CWE-79
Cross-site Scripting
|
CVE-2020-7015
|
2024-11-21 14:36 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196796
|
8.8 |
HIGH
Network
|
elastic
|
elasticsearch
|
The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and a…
|
CWE-269
Improper Privilege Management
|
CVE-2020-7014
|
2024-11-21 14:36 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196797
|
7.2 |
HIGH
Network
|
elastic
redhat
|
kibana
openshift_container_platform
|
Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB visualizations could insert data that would cause Kibana to…
|
CWE-94
Code Injection
|
CVE-2020-7013
|
2024-11-21 14:36 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196798
|
8.8 |
HIGH
Network
|
elastic
|
kibana
|
Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authenticated attacker with privileges to write to the Kibana index could insert data…
|
CWE-94
Code Injection
|
CVE-2020-7012
|
2024-11-21 14:36 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196799
|
6.1 |
MEDIUM
Network
|
elastic
|
elastic_app_search
|
Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be…
|
CWE-79
Cross-site Scripting
|
CVE-2020-7011
|
2024-11-21 14:36 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196800
|
7.5 |
HIGH
Network
|
elastic
|
elastic_cloud_on_kubernetes
|
Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deplo…
|
CWE-335
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
|
CVE-2020-7010
|
2024-11-21 14:36 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
