Total
4386 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-8105 | 1 Goabode | 2 Iota All-in-one Security Kit, Iota All-in-one Security Kit Firmware | 2024-11-21 | 7.2 HIGH | 9.6 CRITICAL |
OS Command Injection vulnerability in the wirelessConnect handler of Abode iota All-In-One Security Kit allows an attacker to inject commands and gain root access. This issue affects: Abode iota All-In-One Security Kit versions prior to 1.0.2.23_6.9V_dev_t2_homekit_RF_2.0.19_s2_kvsABODE oz. | |||||
CVE-2020-7980 | 1 Intelliantech | 1 Aptus Web | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed. | |||||
CVE-2020-7879 | 1 Iptime | 2 C200, C200 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It is necessary to extract the value for the ipTIME IP camera because the ipTIME NAS sends ans setCookie('[COOKIE]'). The value is transferred to the --header option of the wget binary, and there is no validation check. This vulnerability allows remote attackers to execute remote commands. | |||||
CVE-2020-7825 | 1 Tobesoft | 1 Miplatform | 2024-11-21 | 10.0 HIGH | 8.8 HIGH |
A vulnerability exists that could allow the execution of operating system commands on systems running MiPlatform 2019.05.16 and earlier. An attacker could execute arbitrary remote commands by sending parameters to the WinExec function in the ExtCommandApi.dll module of MiPlatform. | |||||
CVE-2020-7805 | 1 Infomark | 4 Iml500, Iml500 Firmware, Iml520 and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on KT Slim egg IML500 (R7283, R8112, R8424) and IML520 (R8112, R8368, R8411) wifi device. This issue is a command injection allowing attackers to execute arbitrary OS commands. | |||||
CVE-2020-7804 | 2 Handysoft, Microsoft | 4 Groupware, Windows 10, Windows 7 and 1 more | 2024-11-21 | 6.5 MEDIUM | 6.4 MEDIUM |
ActiveX Control (HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker to execute arbitrary commands via the ShellExec method. | |||||
CVE-2020-7789 | 1 Node-notifier Project | 1 Node-notifier | 2024-11-21 | 6.8 MEDIUM | 5.6 MEDIUM |
This affects the package node-notifier before 9.0.0. It allows an attacker to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array. | |||||
CVE-2020-7778 | 1 Systeminformation | 1 Systeminformation | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands. | |||||
CVE-2020-7775 | 1 Freediskspace Project | 1 Freediskproject | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
This affects all versions of package freediskspace. The vulnerability arises out of improper neutralization of arguments in line 71 of freediskspace.js. | |||||
CVE-2020-7735 | 1 Ng-packagr Project | 1 Ng-packagr | 2024-11-21 | 6.5 MEDIUM | 6.6 MEDIUM |
The package ng-packagr before 10.1.1 is vulnerable to Command Injection via the styleIncludePaths option. | |||||
CVE-2020-7712 | 2 Joyent, Oracle | 5 Json, Commerce Guided Search, Financial Services Crime And Compliance Management Studio and 2 more | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
This affects the package json before 10.0.0. It is possible to inject arbitrary commands using the parseLookup function. | |||||
CVE-2020-7688 | 1 Mversion Project | 1 Mversion | 2024-11-21 | 4.6 MEDIUM | 8.4 HIGH |
The issue occurs because tagName user input is formatted inside the exec function and executed without any checks. | |||||
CVE-2020-7646 | 1 Curlrequest Project | 1 Curlrequest | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
curlrequest through 1.0.1 allows reading any file by populating the file parameter with user input. | |||||
CVE-2020-7645 | 1 Google | 1 Chrome-launcher | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
All versions of chrome-launcher allow execution of arbitrary commands, by controlling the $HOME environment variable in Linux operating systems. | |||||
CVE-2020-7640 | 1 Pixlcore | 1 Pixl-class | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
pixl-class prior to 1.0.3 allows execution of arbitrary commands. The members argument of the create function can be controlled by users without any sanitization. | |||||
CVE-2020-7628 | 2 Install-package Project, Umount Project | 2 Install-package, Umount | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
umount through 1.1.6 is vulnerable to Command Injection. The argument device can be controlled by users without any sanitization. | |||||
CVE-2020-7615 | 1 Fsa Project | 1 Fsa | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
fsa through 0.5.1 is vulnerable to Command Injection. The first argument of 'execGitCommand()', located within 'lib/rep.js#63' can be controlled by users without any sanitization to inject arbitrary commands. | |||||
CVE-2020-7614 | 1 Npm-programmatic Project | 1 Npm-programmatic | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
npm-programmatic through 0.0.12 is vulnerable to Command Injection. The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly. | |||||
CVE-2020-7597 | 1 Codecov | 1 Codecov | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands. The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596. | |||||
CVE-2020-7594 | 1 Multitech | 2 Conduit Mtcdt-lvw2-246a, Conduit Mtcdt-lvw2-246a Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Debug Options page and entering shell metacharacters in the interface JSON field of the ping function. |