National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 136,308 matching records.
Displaying matches 621 through 640.
Vuln ID Summary CVSS Severity
CVE-2019-10170

A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the application user.

Published: May 08, 2020; 10:15:11 AM -04:00
V3.1: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2019-10169

A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running application.

Published: May 08, 2020; 10:15:11 AM -04:00
V3.1: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2020-7291

Privilege Escalation vulnerability in McAfee Active Response (MAR) for Mac prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.

Published: May 08, 2020; 09:15:11 AM -04:00
V3.1: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2020-7290

Privilege Escalation vulnerability in McAfee Active Response (MAR) for Linux prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.

Published: May 08, 2020; 09:15:11 AM -04:00
V3.1: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2020-7289

Privilege Escalation vulnerability in McAfee Active Response (MAR) for Windows prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.

Published: May 08, 2020; 09:15:11 AM -04:00
V3.1: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2020-7288

Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Mac prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.

Published: May 08, 2020; 09:15:11 AM -04:00
V3.1: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2020-7287

Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Linux prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.

Published: May 08, 2020; 09:15:11 AM -04:00
V3.1: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2020-7286

Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Windows prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.

Published: May 08, 2020; 09:15:11 AM -04:00
V3.1: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2020-7285

Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.5.0.94 allows a malicious script or program to perform functions that the local executing user has not been granted access to.

Published: May 08, 2020; 09:15:11 AM -04:00
V3.1: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2020-7267

Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Linux prior to 2.0.3 Hotfix 2635000 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.

Published: May 08, 2020; 09:15:11 AM -04:00
V3.1: 8.4 HIGH
    V2: 3.6 LOW
CVE-2020-5741

Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code.

Published: May 08, 2020; 09:15:11 AM -04:00
V3.1: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2020-12680

** DISPUTED ** Avira Free Antivirus through 15.0.2005.1866 allows local users to discover user credentials. The functions of the executable file Avira.PWM.NativeMessaging.exe are aimed at collecting credentials stored in Chrome, Firefox, Opera, and Edge. The executable does not verify the calling program and thus a request such as fetchChromePasswords or fetchCredentials will succeed. NOTE: some third parties have stated that this is "not a vulnerability."

Published: May 08, 2020; 09:15:10 AM -04:00
V3.1: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2020-7266

Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Windows prior to 8.8 Patch 14 Hotfix 116778 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.

Published: May 08, 2020; 08:15:12 AM -04:00
V3.1: 8.4 HIGH
    V2: 3.6 LOW
CVE-2020-7265

Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.

Published: May 08, 2020; 08:15:12 AM -04:00
V3.1: 8.4 HIGH
    V2: 3.6 LOW
CVE-2020-7264

Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.

Published: May 08, 2020; 08:15:12 AM -04:00
V3.1: 8.4 HIGH
    V2: 3.6 LOW
CVE-2020-12026

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control.

Published: May 08, 2020; 08:15:11 AM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2020-12022

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed.

Published: May 08, 2020; 08:15:11 AM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2020-12018

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data.

Published: May 08, 2020; 08:15:11 AM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-12014

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL commands.

Published: May 08, 2020; 08:15:11 AM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-12010

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control.

Published: May 08, 2020; 08:15:11 AM -04:00
V3.1: 7.1 HIGH
    V2: 5.8 MEDIUM