Total
938 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7848 | 1 Iptime | 2 C200, C200 Firmware | 2024-11-21 | 7.7 HIGH | 8.0 HIGH |
| The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value. | |||||
| CVE-2020-7795 | 1 Get-npm-package-version Project | 1 Get-npm-package-version | 2024-11-21 | N/A | 7.3 HIGH |
| The package get-npm-package-version before 1.0.7 are vulnerable to Command Injection via main function in index.js. | |||||
| CVE-2020-7752 | 1 Systeminformation | 1 Systeminformation | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands. | |||||
| CVE-2020-7384 | 1 Rapid7 | 1 Metasploit | 2024-11-21 | 9.3 HIGH | 7.0 HIGH |
| Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine. | |||||
| CVE-2020-7129 | 1 Arubanetworks | 1 Airwave Glass | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | |||||
| CVE-2020-7034 | 1 Avaya | 1 Session Border Controller For Enterprise | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x | |||||
| CVE-2020-6811 | 2 Canonical, Mozilla | 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. | |||||
| CVE-2020-4983 | 1 Ibm | 2 Spectrum Lsf, Spectrum Lsf Suite | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| IBM Spectrum LSF 10.1 and IBM Spectrum LSF Suite 10.2 could allow a user on the local network who has privileges to submit LSF jobs to execute arbitrary commands. IBM X-Force ID: 192586. | |||||
| CVE-2020-4688 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| IBM Security Guardium 10.6 and 11.2 could allow a local attacker to execute arbitrary commands on the system as an unprivileged user, caused by command injection vulnerability. IBM X-Force ID: 186700. | |||||
| CVE-2020-4636 | 2 Ibm, Linux | 2 Resilient Security Orchestration Automation And Response, Linux Kernel | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting. IBM X-Force ID: 185503. | |||||
| CVE-2020-4059 | 1 Mversion Project | 1 Mversion | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround, make sure to escape git commit messages when using the commitMessage option for the update function. | |||||
| CVE-2020-36529 | 1 Ibm | 1 Sevone Network Performance Management | 2024-11-21 | 8.5 HIGH | 8.8 HIGH |
| A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. This affects the file traceroute.php of the Traceroute Handler. The manipulation leads to privilege escalation with a command injection. It is possible to initiate the attack remotely. | |||||
| CVE-2020-36463 | 1 Multiqueue Project | 1 Multiqueue | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the multiqueue crate through 2020-12-25 for Rust. There are unconditional implementations of Send for InnerSend<RW, T>, InnerRecv<RW, T>, FutInnerSend<RW, T>, and FutInnerRecv<RW, T>. | |||||
| CVE-2020-36462 | 1 Syncpool Project | 1 Syncpool | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the syncpool crate before 0.1.6 for Rust. There is an unconditional implementation of Send for Bucket2. | |||||
| CVE-2020-36461 | 1 Noise Search Project | 1 Noise Search | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the noise_search crate through 2020-12-10 for Rust. There are unconditional implementations of Send and Sync for MvccRwLock. | |||||
| CVE-2020-36459 | 1 Dces Project | 1 Dces | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the dces crate through 2020-12-09 for Rust. The World type is marked as Send but lacks bounds on its EntityStore and ComponentStore. | |||||
| CVE-2020-36457 | 1 Lever Project | 1 Level | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the lever crate before 0.1.1 for Rust. AtomicBox<T> implements the Send and Sync traits for all types T. | |||||
| CVE-2020-36456 | 1 Toolshed Project | 1 Toolshed | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the toolshed crate through 2020-11-15 for Rust. In CopyCell<T>, the Send trait lacks bounds on the contained type. | |||||
| CVE-2020-36455 | 1 Brokenlamp | 1 Slock | 2024-11-21 | 5.1 MEDIUM | 8.1 HIGH |
| An issue was discovered in the slock crate through 2020-11-17 for Rust. Slock<T> unconditionally implements Send and Sync. | |||||
| CVE-2020-36451 | 1 Rcu Cell Project | 1 Rcu Cell | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the rcu_cell crate through 2020-11-14 for Rust. There are unconditional implementations of Send and Sync for RcuCell<T>. | |||||