|
198741
|
4.9 |
MEDIUM
Network
|
arubanetworks
|
analytics_and_location_engine
|
A vulnerability exists in the Aruba Analytics and Location Engine (ALE) web management interface 2.1.0.2 and earlier firmware that allows an already authenticated administrative user to arbitrarily m…
|
NVD-CWE-noinfo
|
CVE-2020-7119
|
2024-11-21 14:36 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198742
|
9.1 |
CRITICAL
Network
|
zte
|
zxiptv_firmware
|
A ZTE product is impacted by the cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for account credential enumeration…
|
CWE-327
CWE-522
Use of a Broken or Risky Cryptographic Algorithm
Insufficiently Protected Credentials
|
CVE-2020-6874
|
2024-11-21 14:36 |
2020-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198743
|
5.3 |
MEDIUM
Network
|
zte
|
zxr10_2800-4_almpufb\(low\)_firmware
|
A ZTE product has a DoS vulnerability. Because the equipment couldn’t distinguish the attack packets and normal packets with valid http links, the remote attackers could use this vulnerability to cau…
|
NVD-CWE-noinfo
|
CVE-2020-6873
|
2024-11-21 14:36 |
2020-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198744
|
9.8 |
CRITICAL
Network
|
os4ed
|
opensis
|
openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.
|
CWE-89
SQL Injection
|
CVE-2020-6637
|
2024-11-21 14:36 |
2020-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198745
|
6.5 |
MEDIUM
Network
|
elastic
|
elasticsearch
|
In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recent…
|
CWE-269
Improper Privilege Management
|
CVE-2020-7019
|
2024-11-21 14:36 |
2020-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198746
|
8.8 |
HIGH
Network
|
elastic
|
enterprise_search
|
Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the �developer� role, they will be able to view the administrator API cre…
|
CWE-269
Improper Privilege Management
|
CVE-2020-7018
|
2024-11-21 14:36 |
2020-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198747
|
3.9 |
LOW
Physics
|
eaton
|
secureconnect
|
Eaton's Secure connect mobile app v1.7.3 & prior stores the user login credentials in logcat file when user create or register the account on the Mobile app. A malicious app or unauthorized user can …
|
CWE-200
CWE-532
Information Exposure
Inclusion of Sensitive Information in Log Files
|
CVE-2020-6653
|
2024-11-21 14:36 |
2020-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198748
|
9.8 |
CRITICAL
Network
|
blackberry
|
qnx_software_development_platform
|
An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to pote…
|
NVD-CWE-noinfo
|
CVE-2020-6932
|
2024-11-21 14:36 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198749
|
8.8 |
HIGH
Network
|
avaya
|
aura_messaging
aura_communication_manager
|
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability coul…
|
CWE-352
Origin Validation Error
|
CVE-2020-7029
|
2024-11-21 14:36 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198750
|
6.7 |
MEDIUM
Local
|
hpe
|
intelligent_provisioning
service_pack_for_proliant
smartstart_scripting_toolkit
|
A potential security vulnerability has been identified in HPE Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit. The vulnerability could be locally exploited to allow arb…
|
NVD-CWE-noinfo
|
CVE-2020-7205
|
2024-11-21 14:36 |
2020-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
