|
196571
|
7.8 |
HIGH
Local
|
mcafee
|
host_intrusion_prevention
|
DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System (Host IPS) for Windows prior to 8.0.0 Patch 15 Update allows attackers with local access…
|
CWE-426
Untrusted Search Path
|
CVE-2020-7279
|
2024-11-21 14:36 |
2020-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196572
|
5.4 |
MEDIUM
Network
|
fortinet
|
fortianalyzer
|
An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Descrip…
|
CWE-79
Cross-site Scripting
|
CVE-2020-6640
|
2024-11-21 14:36 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196573
|
5.5 |
MEDIUM
Local
|
avaya
|
ip_office
|
A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affec…
|
CWE-200
Information Exposure
|
CVE-2020-7030
|
2024-11-21 14:36 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196574
|
5.4 |
MEDIUM
Network
|
elastic
|
kibana
|
Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could allow the attacker to obtain sensitiv…
|
CWE-79
Cross-site Scripting
|
CVE-2020-7015
|
2024-11-21 14:36 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196575
|
8.8 |
HIGH
Network
|
elastic
|
elasticsearch
|
The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and a…
|
CWE-269
Improper Privilege Management
|
CVE-2020-7014
|
2024-11-21 14:36 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196576
|
7.2 |
HIGH
Network
|
elastic
redhat
|
kibana
openshift_container_platform
|
Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB visualizations could insert data that would cause Kibana to…
|
CWE-94
Code Injection
|
CVE-2020-7013
|
2024-11-21 14:36 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196577
|
8.8 |
HIGH
Network
|
elastic
|
kibana
|
Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authenticated attacker with privileges to write to the Kibana index could insert data…
|
CWE-94
Code Injection
|
CVE-2020-7012
|
2024-11-21 14:36 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196578
|
6.1 |
MEDIUM
Network
|
elastic
|
elastic_app_search
|
Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be…
|
CWE-79
Cross-site Scripting
|
CVE-2020-7011
|
2024-11-21 14:36 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196579
|
7.5 |
HIGH
Network
|
elastic
|
elastic_cloud_on_kubernetes
|
Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deplo…
|
CWE-335
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
|
CVE-2020-7010
|
2024-11-21 14:36 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196580
|
7.2 |
HIGH
Network
|
arubanetworks
|
clearpass_policy_manager
|
The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then …
|
NVD-CWE-noinfo
|
CVE-2020-7117
|
2024-11-21 14:36 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
