Total
789 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-28443 | 1 Sonar-wrapper Project | 1 Sonar-wrapper | 2024-11-21 | N/A | 9.8 CRITICAL |
| This affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js. | |||||
| CVE-2020-28440 | 1 Corenlp-js-interface Project | 1 Corenlp-js-interface | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package corenlp-js-interface are vulnerable to Command Injection via the main function. | |||||
| CVE-2020-28439 | 1 Corenlp-js-prefab Project | 1 Corenlp-js-prefab | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| This affects all versions of package corenlp-js-prefab. The injection point is located in line 10 in 'index.js.' It depends on a vulnerable package 'corenlp-js-interface.' Vulnerability can be exploited with the following PoC: | |||||
| CVE-2020-28438 | 1 Deferred-exec Project | 1 Deferred-exec | 2024-11-21 | N/A | 9.8 CRITICAL |
| This affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js | |||||
| CVE-2020-28437 | 1 Heroku-env Project | 1 Heroku-env | 2024-11-21 | N/A | 9.4 CRITICAL |
| This affects all versions of package heroku-env. The injection point is located in lib/get.js which is required by index.js. | |||||
| CVE-2020-28435 | 1 Ffmpeg-sdk Project | 1 Ffmpeg-sdk | 2024-11-21 | N/A | 9.4 CRITICAL |
| This affects all versions of package ffmpeg-sdk. The injection point is located in line 9 in index.js. | |||||
| CVE-2020-28434 | 1 Gitblame Project | 1 Gitblame | 2024-11-21 | N/A | 9.4 CRITICAL |
| This affects all versions of package gitblame. The injection point is located in line 15 in lib/gitblame.js. | |||||
| CVE-2020-28423 | 1 Monorepo-build Project | 1 Monorepo-build | 2024-11-21 | N/A | 9.8 CRITICAL |
| This affects all versions of package monorepo-build. | |||||
| CVE-2020-28347 | 1 Tp-link | 2 Ac1750, Ac1750 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter. NOTE: this issue exists because of an incomplete fix for CVE-2020-10882 in which shell quotes are mishandled. | |||||
| CVE-2020-26907 | 1 Netgear | 6 Rbk852, Rbk852 Firmware, Rbr850 and 3 more | 2024-11-21 | 7.7 HIGH | 9.6 CRITICAL |
| Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. | |||||
| CVE-2020-26902 | 1 Netgear | 12 Rbk752, Rbk752 Firmware, Rbk852 and 9 more | 2024-11-21 | 8.3 HIGH | 9.6 CRITICAL |
| Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | |||||
| CVE-2020-25483 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server. | |||||
| CVE-2020-25368 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login. | |||||
| CVE-2020-25367 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login. | |||||
| CVE-2020-24634 | 1 Arubanetworks | 15 7005, 7008, 7010 and 12 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below. | |||||
| CVE-2020-24561 | 1 Trendmicro | 1 Serverprotect | 2024-11-21 | 9.0 HIGH | 9.1 CRITICAL |
| A command injection vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow an attacker to execute arbitrary code on an affected system. An attacker must first obtain admin/root privileges on the SPLX console to exploit this vulnerability. | |||||
| CVE-2020-23639 | 1 Moxa | 2 Vport 461, Vport 461 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A command injection vulnerability exists in Moxa Inc VPort 461 Series Firmware Version 3.4 or lower that could allow a remote attacker to execute arbitrary commands in Moxa's VPort 461 Series Industrial Video Servers. | |||||
| CVE-2020-20951 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Pluck-4.7.10-dev2 admin background, a remote command execution vulnerability exists when uploading files. | |||||
| CVE-2020-19001 | 1 Simiki Project | 1 Simiki | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary system commands via line 64 of the component 'simiki/blob/master/simiki/config.py'. | |||||
| CVE-2020-18758 | 1 Dcce | 2 Mac1100 Plc, Mac1100 Plc Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to execute arbitrary code. | |||||