Total: 2183 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-24640 | 1 Arubanetworks | 1 Airwave Glass | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system. | |||||
CVE-2020-24391 | 1 Mongo-express Project | 1 Mongo-express | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769. | |||||
CVE-2020-24384 | 1 A10networks | 2 Advanced Core Operating System, Agalaxy | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could be used to compromise affected ACOS systems. ACOS versions 3.2.x (including and after 3.2.2), 4.x, and 5.1.x are affected. aGalaxy versions 3.0.x, 3.2.x, and 5.0.x are affected. | |||||
CVE-2020-24231 | 1 Jumpmind | 1 Symmetricds | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Symmetric DS <3.12.0 uses mx4j to provide access to JMX over HTTP. mx4j, by default, has no auth and is available on all interfaces. An attacker can interact with JMX: get system info, and invoke MBean methods. It is possible to install additional MBeans from a remote host using MLet that leads to arbitrary code execution. | |||||
CVE-2020-23691 | 1 Yfcmf | 1 Yfcmf | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
YFCMF v2.3.1 has a Remote Command Execution (RCE) vulnerability in the index.php. | |||||
CVE-2020-23580 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Remote Code Execution vulnerability in PbootCMS 2.0.8 in the message board. | |||||
CVE-2020-22848 | 1 Chshcms | 1 Cscms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A remote code execution (RCE) vulnerability in the \Playsong.php component of cscms v4.1 allows attackers to execute arbitrary commands. | |||||
CVE-2020-22612 | 1 Mybb | 1 Mybb | 2024-11-21 | N/A | 9.8 CRITICAL |
Installer RCE on settings file write in MyBB before 1.8.22. | |||||
CVE-2020-22597 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | N/A | 9.8 CRITICAL |
An issue in Jerryscript-project Jerryscript v. 2.3.0 allows a remote attacker to execute arbitrary code via the ecma_builtin_array_prototype_object_slice parameter. | |||||
CVE-2020-22253 | 1 Xiongmaitech | 16 Ahb7008t-mh-v2, Ahb7008t-mh-v2 Firmware, Ahb7804r-els and 13 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Xiongmai Technology Co devices AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, and HI3518E_50H10L_S39 were all discovered to have port 9530 open which allows unauthenticated attackers to make arbitrary Telnet connections with the victim device. | |||||
CVE-2020-22057 | 1 Evga | 1 Precision Xoc | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
The WinRing0x64.sys and WinRing0.sys low-level drivers in EVGA Precision XOC version v6.2.7 were discovered to be configured with the default security descriptor which allows attackers to access sensitive components and data. | |||||
CVE-2020-21865 | 1 Thinkphp50-cms Project | 1 Thinkphp50-cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
ThinkPHP50-CMS v1.0 contains a remote code execution (RCE) vulnerability in the component /public/?s=captcha. | |||||
CVE-2020-21648 | 1 Wdja | 1 Wdja Cms | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
WDJA CMS v1.5.2 contains an arbitrary file deletion vulnerability in the component admin/cache/manage.php. | |||||
CVE-2020-21125 | 1 Ureport Project | 1 Ureport | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code. | |||||
CVE-2020-20495 | 1 Bludit | 1 Bludit | 2024-11-21 | 5.8 MEDIUM | 9.1 CRITICAL |
bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the 'deleteBackup' parameter. | |||||
CVE-2020-20298 | 1 Zzzcms | 1 Zzzphp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands. | |||||
CVE-2020-20269 | 1 Caret | 1 Caret | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
A specially crafted Markdown document could cause the execution of malicious JavaScript code in Caret Editor before 4.0.0-rc22. | |||||
CVE-2020-20184 | 1 Liftoffsoftware | 1 Gateone | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
GateOne allows remote attackers to execute arbitrary commands via shell metacharacters in the port field when attempting an SSH connection. | |||||
CVE-2020-1957 | 2 Apache, Debian | 2 Shiro, Debian Linux | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In Apache Shiro before 1.5.2, when Apache Shiro is used with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. | |||||
CVE-2020-1889 | 1 Whatsapp | 1 Whatsapp Desktop | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron and escalation of privilege if combined with a remote code execution vulnerability inside the sandboxed renderer process. |