|
198221
|
8.1 |
HIGH
Network
|
fortinet
|
fortideceptor
|
An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be abl…
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-6644
|
2024-11-21 14:36 |
2020-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198222
|
5.5 |
MEDIUM
Local
|
mcafee
|
advanced_threat_defense
|
Improper Access Control vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.10.0 allows local users to view sensitive files via a carefully crafted HTTP request parameter.
|
CWE-200
Information Exposure
|
CVE-2020-7262
|
2024-11-21 14:36 |
2020-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198223
|
8.1 |
HIGH
Network
|
zte
|
ztemarket_apk
|
All versions up to 10.06 of ZTEMarket APK are impacted by an information leak vulnerability. Due to Activity Component exposure users can exploit this vulnerability to get the private cookie and exec…
|
NVD-CWE-noinfo
|
CVE-2020-6869
|
2024-11-21 14:36 |
2020-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198224
|
3.8 |
LOW
Network
|
openmicroscopy
|
omero
|
In OMERO before 5.6.1, group owners can access members' data in other groups.
|
CWE-863
Incorrect Authorization
|
CVE-2020-6752
|
2024-11-21 14:36 |
2020-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198225
|
7.8 |
HIGH
Local
|
mcafee
|
virusscan_enterprise
|
Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise (VSE) prior to 8.8 Patch 15 allows local users to cause the deletion and creation of files they wou…
|
CWE-269
Improper Privilege Management
|
CVE-2020-7280
|
2024-11-21 14:36 |
2020-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198226
|
7.8 |
HIGH
Local
|
mcafee
|
host_intrusion_prevention
|
DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System (Host IPS) for Windows prior to 8.0.0 Patch 15 Update allows attackers with local access…
|
CWE-426
Untrusted Search Path
|
CVE-2020-7279
|
2024-11-21 14:36 |
2020-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198227
|
5.4 |
MEDIUM
Network
|
fortinet
|
fortianalyzer
|
An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Descrip…
|
CWE-79
Cross-site Scripting
|
CVE-2020-6640
|
2024-11-21 14:36 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198228
|
5.5 |
MEDIUM
Local
|
avaya
|
ip_office
|
A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affec…
|
CWE-200
Information Exposure
|
CVE-2020-7030
|
2024-11-21 14:36 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198229
|
5.4 |
MEDIUM
Network
|
elastic
|
kibana
|
Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could allow the attacker to obtain sensitiv…
|
CWE-79
Cross-site Scripting
|
CVE-2020-7015
|
2024-11-21 14:36 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198230
|
8.8 |
HIGH
Network
|
elastic
|
elasticsearch
|
The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and a…
|
CWE-269
Improper Privilege Management
|
CVE-2020-7014
|
2024-11-21 14:36 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
