|
213081
|
6.1 |
MEDIUM
Network
|
oracle
|
primavera_portfolio_management
|
Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2…
|
NVD-CWE-noinfo
|
CVE-2020-14528
|
2024-11-21 14:03 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213082
|
5.9 |
MEDIUM
Network
|
oracle
|
primavera_portfolio_management
|
Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2…
|
NVD-CWE-noinfo
|
CVE-2020-14527
|
2024-11-21 14:03 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213083
|
7.5 |
HIGH
Network
|
cellebrite
|
ufed_firmware
|
The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-14474
|
2024-11-21 14:03 |
2020-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213084
|
7.8 |
HIGH
Local
|
deltaww
|
dopsoft
|
Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Opening a specially crafted project file may overflow the heap, which may allow remote code execution, disclosure/modification of in…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-14482
|
2024-11-21 14:03 |
2020-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213085
|
8.8 |
HIGH
Network
|
nedi
|
nedi
|
NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system c…
|
CWE-78
OS Command
|
CVE-2020-14414
|
2024-11-21 14:03 |
2020-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213086
|
6.1 |
MEDIUM
Network
|
nedi
|
nedi
|
NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easil…
|
CWE-79
Cross-site Scripting
|
CVE-2020-14413
|
2024-11-21 14:03 |
2020-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213087
|
8.8 |
HIGH
Network
|
nedi
|
nedi
|
NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (an…
|
CWE-78
OS Command
|
CVE-2020-14412
|
2024-11-21 14:03 |
2020-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213088
|
4.4 |
MEDIUM
Local
|
philips
|
clearvue_850_firmware
clearvue_350_firmware
cx50_firmware
affiniti_70_firmware
affiniti_50_firmware
epiq_7_firmware
sparq_firmware
xperius_firmware
|
In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasou…
|
CWE-287
Improper Authentication
|
CVE-2020-14477
|
2024-11-21 14:03 |
2020-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213089
|
9.8 |
CRITICAL
Network
|
draytek
|
vigor300b_firmware
vigor2960_firmware
vigor3900_firmware
|
Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-14473
|
2024-11-21 14:03 |
2020-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213090
|
9.8 |
CRITICAL
Network
|
draytek
|
vigor300b_firmware
vigor2960_firmware
vigor3900_firmware
|
On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in the mainfunction.cgi file.
|
CWE-77
Command Injection
|
CVE-2020-14472
|
2024-11-21 14:03 |
2020-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
