CVE-2020-7012

HIGH Year: 2020
CVSS v3 Score
8.8
High
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-94
View all →

Vulnerability Description

Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authenticated attacker with privileges to write to the Kibana index could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissions of the Kibana process on the host system.

Related Vulnerabilities

CVE-2009-1547

HIGH
CVSS:8.8(High)

Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream header that triggers memory corruption, a...

CWE-942009

CVE-2011-1265

HIGH
CVSS:8.8(High)

The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, ...

CWE-942011

CVE-2011-1830

HIGH
CVSS:8.8(High)

Ekiga versions before 3.3.0 attempted to load a module from /tmp/ekiga_test.so.

CWE-942011

CVE-2012-0158

HIGH
CVSS:8.8(High)

The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2...

CWE-942012

CVE-2012-0175

HIGH
CVSS:8.8(High)

The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitr...

CWE-942012

CVE-2014-4000

HIGH
CVSS:8.8(High)

Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes...

CWE-942014