Total
2356 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24634 | 1 Arubanetworks | 15 7005, 7008, 7010 and 12 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below. | |||||
| CVE-2020-24632 | 1 Arubanetworks | 1 Airwave Glass | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| A remote execution of arbitrary commandss vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | |||||
| CVE-2020-24631 | 1 Arubanetworks | 1 Airwave Glass | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | |||||
| CVE-2020-24561 | 1 Trendmicro | 1 Serverprotect | 2024-11-21 | 9.0 HIGH | 9.1 CRITICAL |
| A command injection vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow an attacker to execute arbitrary code on an affected system. An attacker must first obtain admin/root privileges on the SPLX console to exploit this vulnerability. | |||||
| CVE-2020-23639 | 1 Moxa | 2 Vport 461, Vport 461 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A command injection vulnerability exists in Moxa Inc VPort 461 Series Firmware Version 3.4 or lower that could allow a remote attacker to execute arbitrary commands in Moxa's VPort 461 Series Industrial Video Servers. | |||||
| CVE-2020-21785 | 1 Ibos | 1 Ibos | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In IBOS 4.5.4 Open, the database backup has Command Injection Vulnerability. | |||||
| CVE-2020-20951 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Pluck-4.7.10-dev2 admin background, a remote command execution vulnerability exists when uploading files. | |||||
| CVE-2020-19151 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal_cms/admin/filemanager/list'. | |||||
| CVE-2020-19001 | 1 Simiki Project | 1 Simiki | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary system commands via line 64 of the component 'simiki/blob/master/simiki/config.py'. | |||||
| CVE-2020-18885 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/web_config.php'. | |||||
| CVE-2020-18758 | 1 Dcce | 2 Mac1100 Plc, Mac1100 Plc Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to execute arbitrary code. | |||||
| CVE-2020-18568 | 1 Dlink | 4 Dsr-1000n, Dsr-1000n Firmware, Dsr-250 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The D-Link DSR-250 (3.14) DSR-1000N (2.11B201) UPnP service contains a command injection vulnerability, which can cause remote command execution. | |||||
| CVE-2020-18048 | 1 Bertanddip | 1 Craigms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue in craigms/main.php of CraigMS 1.0 allows attackers to execute arbitrary commands via a crafted input entered into the DB Name field. | |||||
| CVE-2020-17759 | 2 Evernote, Microsoft | 4 Evernote, Windows 10, Windows 7 and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was found in the Evernote client for Windows 10, 7, and 2008 in the protocol handler. This enables attackers for arbitrary command execution if the user clicks on a specially crafted URL. AKA: WINNOTE-19941. | |||||
| CVE-2020-17504 | 1 Barco | 5 Transform N, Transform Ndn-210 Lite, Transform Ndn-210 Pro and 2 more | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in ngpsystemcmd.php in which the http parameters "x_modules" and "y_modules" are not properly handled. The NDN-210 is part of Barco TransForm N solution and this vulnerability is patched from TransForm N version 3.8 onwards. | |||||
| CVE-2020-17503 | 1 Barco | 5 Transform N, Transform Ndn-210 Lite, Transform Ndn-210 Pro and 2 more | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in split_card_cmd.php in which the http parameter "locking" is not properly handled. The NDN-210 is part of Barco TransForm N solution and this vulnerability is patched from TransForm N version 3.8 onwards. | |||||
| CVE-2020-17502 | 1 Barco | 5 Transform N, Transform Ndn-210 Lite, Transform Ndn-210 Pro and 2 more | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Barco TransForm N before 3.8 allows Command Injection (issue 2 of 4). The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users of the administration panel to perform authenticated remote code execution. An issue exists in split_card_cmd.php in which the http parameters xmodules, ymodules and savelocking are not properly handled. The NDN-210 is part of Barco TransForm N solution and includes the patch from TransForm N version 3.8 onwards. | |||||
| CVE-2020-17500 | 1 Barco | 5 Transform N, Transform Ndn-210 Lite, Transform Ndn-210 Pro and 2 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Barco TransForm NDN-210 Lite, NDN-210 Pro, NDN-211 Lite, and NDN-211 Pro before 3.8 allows Command Injection (issue 1 of 4). The NDN-210 has a web administration panel which is made available over https. The logon method is basic authentication. There is a command injection issue that will result in unauthenticated remote code execution in the username and password fields of the logon prompt. The NDN-210 is part of Barco TransForm N solution and includes the patch from TransForm N version 3.8 onwards. | |||||
| CVE-2020-16257 | 1 Winstonprivacy | 2 Winston, Winston Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Winston 1.5.4 devices are vulnerable to command injection via the API. | |||||
| CVE-2020-15955 | 1 Fehcom | 1 S\/qmail | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| In s/qmail through 4.0.07, an active MitM can inject arbitrary plaintext commands into a STARTTLS encrypted session between an SMTP client and s/qmail. This allows e-mail messages and user credentials to be sent to the MitM attacker. | |||||