Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-03 | CVE-2020-7012 | Code Injection vulnerability in Elastic Kibana: Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. | 6.5 |
2020-06-03 | CVE-2020-7011 | Cross-site Scripting vulnerability in Elastic App Search: Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. | 4.3 |
2020-06-03 | CVE-2020-7010 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Elastic Cloud on Kubernetes: Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. | 7.5 |
2020-06-03 | CVE-2020-3335 | Incorrect Authorization vulnerability in Cisco products: A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. | 2.1 |
2020-06-03 | CVE-2020-3333 | Missing Authentication for Critical Function vulnerability in Cisco products: A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. | 5.0 |
2020-06-03 | CVE-2020-3281 | Information Exposure Through Log Files vulnerability in Cisco Digital Network Architecture Center: A vulnerability in the audit logging component of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. | 4.0 |
2020-06-03 | CVE-2020-3267 | Files or Directories Accessible to External Parties vulnerability in Cisco Unified Contact Center Express: A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to change the availability state of any agent. | 5.5 |
2020-06-03 | CVE-2020-3258 | Unspecified vulnerability in Cisco IOS 15.8(3)M2/15.8(9)/15.9: Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. | 10.0 |
2020-06-03 | CVE-2020-3257 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS 15.8(3.0Z)M1/15.9: Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. | 4.8 |
2020-06-03 | CVE-2020-3238 | Improper Input Validation vulnerability in Cisco IOX: A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance that is running on the affected device. | 5.5 |