|
196541
|
4.3 |
MEDIUM
Network
|
mcafee
|
email_gateway
|
Path Traversal vulnerability in McAfee McAfee Email Gateway (MEG) prior to 7.6.406 allows remote attackers to traverse the file system to access files or directories that are outside of the restricte…
|
CWE-22
Path Traversal
|
CVE-2020-7268
|
2024-11-21 14:36 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196542
|
3.6 |
LOW
Local
|
php
debian
tenable
|
php
debian_linux
tenable.sc
|
In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which …
|
CWE-416
Use After Free
|
CVE-2020-7068
|
2024-11-21 14:36 |
2020-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196543
|
4.9 |
MEDIUM
Network
|
arubanetworks
|
analytics_and_location_engine
|
A vulnerability exists in the Aruba Analytics and Location Engine (ALE) web management interface 2.1.0.2 and earlier firmware that allows an already authenticated administrative user to arbitrarily m…
|
NVD-CWE-noinfo
|
CVE-2020-7119
|
2024-11-21 14:36 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196544
|
9.1 |
CRITICAL
Network
|
zte
|
zxiptv_firmware
|
A ZTE product is impacted by the cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for account credential enumeration…
|
CWE-327
CWE-522
Use of a Broken or Risky Cryptographic Algorithm
Insufficiently Protected Credentials
|
CVE-2020-6874
|
2024-11-21 14:36 |
2020-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196545
|
5.3 |
MEDIUM
Network
|
zte
|
zxr10_2800-4_almpufb\(low\)_firmware
|
A ZTE product has a DoS vulnerability. Because the equipment couldn’t distinguish the attack packets and normal packets with valid http links, the remote attackers could use this vulnerability to cau…
|
NVD-CWE-noinfo
|
CVE-2020-6873
|
2024-11-21 14:36 |
2020-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196546
|
9.8 |
CRITICAL
Network
|
os4ed
|
opensis
|
openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.
|
CWE-89
SQL Injection
|
CVE-2020-6637
|
2024-11-21 14:36 |
2020-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196547
|
6.5 |
MEDIUM
Network
|
elastic
|
elasticsearch
|
In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recent…
|
CWE-269
Improper Privilege Management
|
CVE-2020-7019
|
2024-11-21 14:36 |
2020-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196548
|
8.8 |
HIGH
Network
|
elastic
|
enterprise_search
|
Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the �developer� role, they will be able to view the administrator API cre…
|
CWE-269
Improper Privilege Management
|
CVE-2020-7018
|
2024-11-21 14:36 |
2020-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196549
|
3.9 |
LOW
Physics
|
eaton
|
secureconnect
|
Eaton's Secure connect mobile app v1.7.3 & prior stores the user login credentials in logcat file when user create or register the account on the Mobile app. A malicious app or unauthorized user can …
|
CWE-200
CWE-532
Information Exposure
Inclusion of Sensitive Information in Log Files
|
CVE-2020-6653
|
2024-11-21 14:36 |
2020-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196550
|
9.8 |
CRITICAL
Network
|
blackberry
|
qnx_software_development_platform
|
An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to pote…
|
NVD-CWE-noinfo
|
CVE-2020-6932
|
2024-11-21 14:36 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
