|
210761
|
9.8 |
CRITICAL
Network
|
secomea
|
gatemanager_8250_firmware
|
GateManager versions prior to 9.2c: the affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-14510
|
2024-11-21 14:03 |
2020-08-25 |
|
210762
|
9.8 |
CRITICAL
Network
|
secomea
|
gatemanager_8250_firmware
|
GateManager versions prior to 9.2c: the affected product is vulnerable to an off-by-one error, which may allow an attacker to remotely execute arbitrary code or cause a denial-of-service condition.
|
CWE-193
Off-by-one Error
|
CVE-2020-14508
|
2024-11-21 14:03 |
2020-08-25 |
|
210763
|
9.8 |
CRITICAL
Network
|
secomea
|
gatemanager_8250_firmware
|
Secomea GateManager, all versions prior to 9.2c: an attacker can send a negative value and overwrite arbitrary data.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-14500
|
2024-11-21 14:03 |
2020-08-25 |
|
210764
|
6.0 |
MEDIUM
Local
|
tuxfamily fedoraproject canonical
|
chrony fedora ubuntu_linux
|
A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when…
|
CWE-59
Link Following
|
CVE-2020-14367
|
2024-11-21 14:03 |
2020-08-25 |
|
210765
|
7.3 |
HIGH
Local
|
postgresql debian opensuse canonical
|
postgresql debian_linux leap ubuntu_linux
|
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into exe…
|
CWE-426
Untrusted Search Path
|
CVE-2020-14350
|
2024-11-21 14:03 |
2020-08-24 |
|
210766
|
7.1 |
HIGH
Network
|
postgresql opensuse
|
postgresql leap
|
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in …
|
CWE-89, CWE-427
SQL Injection, Uncontrolled Search Path Element
|
CVE-2020-14349
|
2024-11-21 14:03 |
2020-08-24 |
|
210767
|
5.3 |
MEDIUM
Network
|
philips
|
dreammapper
|
Philips DreamMapper, version 2.24 and prior: information written to log files can give guidance to a potential attacker.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2020-14518
|
2024-11-21 14:03 |
2020-08-21 |
|
210768
|
7.8 |
HIGH
Local
|
linux redhat opensuse debian canonical netapp
|
linux_kernel enterprise_linux leap debian_linux ubuntu_linux cloud_backup solidfire hci_management_node active_iq_unified_manager solidfire_baseboard_management_controller_…
|
A NULL pointer dereference flaw was found in the Linux kernel cgroupv2 subsystem, in versions before 5.7.10, in the way the system is rebooted. A local user could use this flaw to crash the system or e…
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-14356
|
2024-11-21 14:03 |
2020-08-20 |
|
210769
|
6.1 |
MEDIUM
Network
|
ovirt
|
ovirt-engine
|
A flaw was found in oVirt Engine's web interface in oVirt 4.4 and earlier, where it did not filter user-controllable parameters completely, resulting in a reflected cross-site scripting attack. This …
|
-
|
CVE-2020-14333
|
2024-11-21 14:03 |
2020-08-18 |
|
210770
|
4.3 |
MEDIUM
Adjacent
|
tridium
|
niagara_enterprise_security niagara
|
A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.2…
|
NVD-CWE-Other
|
CVE-2020-14483
|
2024-11-21 14:03 |
2020-08-14 |
|