|
198231
|
7.2 |
HIGH
Network
|
elastic
redhat
|
kibana
openshift_container_platform
|
Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB visualizations could insert data that would cause Kibana to…
|
CWE-94
Code Injection
|
CVE-2020-7013
|
2024-11-21 14:36 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198232
|
8.8 |
HIGH
Network
|
elastic
|
kibana
|
Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authenticated attacker with privileges to write to the Kibana index could insert data…
|
CWE-94
Code Injection
|
CVE-2020-7012
|
2024-11-21 14:36 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198233
|
6.1 |
MEDIUM
Network
|
elastic
|
elastic_app_search
|
Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be…
|
CWE-79
Cross-site Scripting
|
CVE-2020-7011
|
2024-11-21 14:36 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198234
|
7.5 |
HIGH
Network
|
elastic
|
elastic_cloud_on_kubernetes
|
Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deplo…
|
CWE-335
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
|
CVE-2020-7010
|
2024-11-21 14:36 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198235
|
7.2 |
HIGH
Network
|
arubanetworks
|
clearpass_policy_manager
|
The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then …
|
NVD-CWE-noinfo
|
CVE-2020-7117
|
2024-11-21 14:36 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198236
|
7.2 |
HIGH
Network
|
arubanetworks
|
clearpass_policy_manager
|
The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then …
|
NVD-CWE-noinfo
|
CVE-2020-7116
|
2024-11-21 14:36 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198237
|
9.8 |
CRITICAL
Network
|
arubanetworks
|
clearpass_policy_manager
|
The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an attacker could then execute an exploit that would allow to rem…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-7115
|
2024-11-21 14:36 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198238
|
6.5 |
MEDIUM
Adjacent
|
zte
|
f680_firmware
|
There is an input validation vulnerability in a PON terminal product of ZTE, which supports the creation of WAN connections through WEB management pages. The front-end limits the length of the WAN co…
|
CWE-20
Improper Input Validation
|
CVE-2020-6868
|
2024-11-21 14:36 |
2020-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198239
|
7.5 |
HIGH
Network
|
mulesoft
|
mule_runtime
|
A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.
|
NVD-CWE-noinfo
|
CVE-2020-6937
|
2024-11-21 14:36 |
2020-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198240
|
8.8 |
HIGH
Local
|
bosch
|
recording_station_firmware
|
Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-6774
|
2024-11-21 14:36 |
2020-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
