Total: 789 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-7784 | 1 Ts-process-promises Project | 1 Ts-process-promises | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
This affects all versions of package ts-process-promises. The injection point is located in line 45 in main entry of package in lib/process-promises.js. The vulnerability is demonstrated with the following PoC: | |||||
CVE-2020-7781 | 1 Connection-tester Project | 1 Connection-tester | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
This affects the package connection-tester before 0.2.1. The injection point is located in line 15 in index.js. The following PoC demonstrates the vulnerability: | |||||
CVE-2020-7730 | 1 Bestzip Project | 1 Bestzip | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The package bestzip before 2.1.7 is vulnerable to Command Injection via the options param. | |||||
CVE-2020-7373 | 1 Vbulletin | 1 Vbulletin | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is the preferred CVE ID to track this vulnerability. | |||||
CVE-2020-7128 | 1 Arubanetworks | 1 Airwave Glass | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | |||||
CVE-2020-36199 | 1 Kaspersky | 1 Tinycheck | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient checks of input parameters in several places. | |||||
CVE-2020-35798 | 1 Netgear | 60 R6400v2, R6400v2 Firmware, R6700v3 and 57 more | 2024-11-21 | 7.2 HIGH | 9.3 CRITICAL |
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R6400v2 before 1.0.4.84, R6700v3 before 1.0.4.84, R6900P before 1.3.2.124, R7000 before 1.0.11.100, R7000P before 1.3.2.124, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7960P before 1.4.1.50, R8000 before 1.0.4.52, R7900P before 1.4.1.50, R8000P before 1.4.1.50, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.1.12, RAX45 before 1.0.2.66, RAX50 before 1.0.2.66, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RS400 before 1.5.0.48, and XR300 before 1.0.3.50. | |||||
CVE-2020-35797 | 1 Netgear | 2 Nms300, Nms300 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an unauthenticated attacker. | |||||
CVE-2020-29381 | 1 Vsolcn | 10 V1600d, V1600d-mini, V1600d-mini Firmware and 7 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. Command injection can occur in "upload tftp syslog" and "upload tftp configuration" in the CLI via a crafted filename. | |||||
CVE-2020-29311 | 1 Ubilling | 1 Ubilling | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Ubilling v1.0.9 allows Remote Command Execution as Root user by executing a malicious command that is injected inside the config file and triggered by another part of the software. | |||||
CVE-2020-29056 | 2 Cdata, Cdatatec | 57 Fd1104 Firmware, 72408a, 72408a Firmware and 54 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. One can escape from a shell and acquire root privileges by leveraging the TFTP download configuration. | |||||
CVE-2020-28908 | 1 Nagios | 1 Fusion | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios. | |||||
CVE-2020-28902 | 1 Nagios | 1 Fusion | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php. | |||||
CVE-2020-28901 | 1 Nagios | 1 Fusion | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component installation in cmd_subsys.php. | |||||
CVE-2020-28464 | 1 Djv Project | 1 Djv | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine. | |||||
CVE-2020-28453 | 1 Npos-tesseract Project | 1 Npos-tesseract | 2024-11-21 | N/A | 9.4 CRITICAL |
This affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js. | |||||
CVE-2020-28451 | 1 Image-tiler Project | 1 Image-tiler | 2024-11-21 | N/A | 9.8 CRITICAL |
This affects the package image-tiler before 2.0.2. | |||||
CVE-2020-28447 | 1 Xopen Project | 1 Xopen | 2024-11-21 | N/A | 9.8 CRITICAL |
This affects all versions of package xopen. The injection point is located in line 14 in index.js, in the exported function xopen(filepath). | |||||
CVE-2020-28446 | 1 Ntesseract Project | 1 Ntesseract | 2024-11-21 | N/A | 9.8 CRITICAL |
The package ntesseract before 0.2.9 is vulnerable to Command Injection via lib/tesseract.js. | |||||
CVE-2020-28445 | 1 Npm-help Project | 1 Npm-help | 2024-11-21 | N/A | 9.8 CRITICAL |
This affects all versions of package npm-help. The injection point is located in line 13 of the index.js file, in the export.latestVersion() function. |