Total: 4380 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-36379 | 1 Aaptjs Project | 1 Aaptjs | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the remove function in shenzhim aaptjs 1.3.1 that allows attackers to execute arbitrary code via the filePath parameters. | |||||
CVE-2020-36378 | 1 Aaptjs Project | 1 Aaptjs | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the packageCmd function in shenzhim aaptjs 1.3.1 that allows attackers to execute arbitrary code via the filePath parameters. | |||||
CVE-2020-36377 | 1 Aaptjs Project | 1 Aaptjs | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the dump function in shenzhim aaptjs 1.3.1 that allows attackers to execute arbitrary code via the filePath parameters. | |||||
CVE-2020-36376 | 1 Aaptjs Project | 1 Aaptjs | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the list function in shenzhim aaptjs 1.3.1 that allows attackers to execute arbitrary code via the filePath parameters. | |||||
CVE-2020-36243 | 1 Open-emr | 1 Openemr | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php. To exploit the vulnerability, an authenticated attacker can send a POST request that executes arbitrary OS commands via shell metacharacters. | |||||
CVE-2020-36198 | 1 Qnap | 1 Malware Remover | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
A command injection vulnerability has been reported to affect certain versions of Malware Remover. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Malware Remover versions prior to 4.6.1.0. This issue does not affect: QNAP Systems Inc. Malware Remover 3.x. | |||||
CVE-2020-36178 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables). NOTE: oal_ipt_addBridgeIsolationRules is not the only function that calls util_execSystem. | |||||
CVE-2020-35851 | 1 Hgiga | 2 Msr45 Isherlock-user, Ssr45 Isherlock-user | 2024-11-21 | 10.0 HIGH | 8.1 HIGH |
HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch command injection attacks remotely and execute arbitrary commands on the system. | |||||
CVE-2020-35729 | 1 Klogserver | 1 Klog Server | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter. | |||||
CVE-2020-35715 | 1 Linksys | 2 Re6500, Re6500 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote authenticated users to execute arbitrary commands via shell metacharacters in a filename to the upload_settings.cgi page. | |||||
CVE-2020-35713 | 1 Linksys | 2 Re6500, Re6500 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page. | |||||
CVE-2020-35665 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation. | |||||
CVE-2020-35606 | 1 Webmin | 1 Webmin | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840. | |||||
CVE-2020-35578 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature is mishandled during a plugin upload, a remote, authenticated admin user can execute operating-system commands. | |||||
CVE-2020-35476 | 1 Opentsdb | 1 Opentsdb | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. (tsd/GraphHandler.java attempted to prevent command injections by blocking backticks but this is insufficient.) | |||||
CVE-2020-35314 | 1 Wondercms | 1 Wondercms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3 allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer. | |||||
CVE-2020-2507 | 1 Qnap | 1 Helpdesk | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
This vulnerability has been reported to affect earlier versions of QTS. If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3. | |||||
CVE-2020-2276 | 1 Jenkins | 1 Selection Tasks | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as. | |||||
CVE-2020-2261 | 1 Jenkins | 1 Perfecto | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller. | |||||
CVE-2020-2200 | 1 Jenkins | 1 Play Framework | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the `play` command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master. |