Total
1813 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9688 | 2 Adobe, Microsoft | 2 Download Manager, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| Adobe Download Manager version 2.0.0.518 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9583 | 1 Magento | 1 Magento | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9582 | 1 Magento | 1 Magento | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9578 | 1 Magento | 1 Magento | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9576 | 1 Magento | 1 Magento | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9242 | 1 Huawei | 1 Fusioncompute | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| FusionCompute 8.0.0 have a command injection vulnerability. The software does not sufficiently validate certain parameters post from user, successful exploit could allow an authenticated attacker to launch a command injection attack. | |||||
| CVE-2020-9199 | 1 Huawei | 6 B2368-22, B2368-22 Firmware, B2368-57 and 3 more | 2024-11-21 | 7.7 HIGH | 6.8 MEDIUM |
| B2368-22 V100R001C00;B2368-57 V100R001C00;B2368-66 V100R001C00 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the LAN. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device. | |||||
| CVE-2020-9127 | 1 Huawei | 12 Nip6300, Nip6300 Firmware, Nip6600 and 9 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Some Huawei products have a command injection vulnerability. Due to insufficient input validation, an attacker with high privilege may inject some malicious codes in some files of the affected products. Successful exploit may cause command injection.Affected product versions include:NIP6300 versions V500R001C30,V500R001C60;NIP6600 versions V500R001C30,V500R001C60;Secospace USG6300 versions V500R001C30,V500R001C60;Secospace USG6500 versions V500R001C30,V500R001C60;Secospace USG6600 versions V500R001C30,V500R001C60;USG9500 versions V500R001C30,V500R001C60. | |||||
| CVE-2020-9116 | 1 Huawei | 1 Fusioncompute | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection vulnerability. An authenticated, remote attacker can craft specific request to exploit this vulnerability. Due to insufficient verification, this could be exploited to cause the attackers to obtain higher privilege. | |||||
| CVE-2020-9115 | 1 Huawei | 1 Manageone | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, ,6.5.1.1.B050, 8.0.0 and 8.0.1 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the plug-in component. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device. | |||||
| CVE-2020-8298 | 1 Fs-path Project | 1 Fs-path | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| fs-path node module before 0.0.25 is vulnerable to command injection by way of user-supplied inputs via the `copy`, `copySync`, `remove`, and `removeSync` methods. | |||||
| CVE-2020-8101 | 1 Adt | 2 Lifeshield Diy Hd Video Doorbell, Lifeshield Diy Hd Video Doorbell Firmware | 2024-11-21 | 8.3 HIGH | 6.9 MEDIUM |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in HTTP interface of ADT LifeShield DIY HD Video Doorbell allows an attacker on the same network to execute commands on the device. This issue affects: ADT LifeShield DIY HD Video Doorbell version 1.0.02R09 and prior versions. | |||||
| CVE-2020-7848 | 1 Iptime | 2 C200, C200 Firmware | 2024-11-21 | 7.7 HIGH | 8.0 HIGH |
| The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value. | |||||
| CVE-2020-7795 | 1 Get-npm-package-version Project | 1 Get-npm-package-version | 2024-11-21 | N/A | 7.3 HIGH |
| The package get-npm-package-version before 1.0.7 are vulnerable to Command Injection via main function in index.js. | |||||
| CVE-2020-7697 | 1 Mock2easy Project | 1 Mock2easy | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| This affects all versions of package mock2easy. a malicious user could inject commands through the _data variable: Affected Area require('../server/getJsonByCurl')(mock2easy, function (error, stdout) { if (error) { return res.json(500, error); } res.json(JSON.parse(stdout)); }, '', _data.interfaceUrl, query, _data.cookie,_data.interfaceType); | |||||
| CVE-2020-7384 | 1 Rapid7 | 1 Metasploit | 2024-11-21 | 9.3 HIGH | 7.0 HIGH |
| Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine. | |||||
| CVE-2020-7034 | 1 Avaya | 1 Session Border Controller For Enterprise | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x | |||||
| CVE-2020-6811 | 2 Canonical, Mozilla | 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. | |||||
| CVE-2020-5601 | 1 Nta | 1 E-tax Reception System | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Chrome Extension for e-Tax Reception System Ver1.0.0.0 allows remote attackers to execute an arbitrary command via unspecified vectors. | |||||
| CVE-2020-5299 | 1 Octobercms | 1 October | 2024-11-21 | 4.6 MEDIUM | 4.0 MEDIUM |
| In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the `ImportExportController` could potentially introduce a CSV injection into the data to cause the generated CSV export file to be malicious. This requires attackers to achieve the following before a successful attack can be completed: 1. Have found a vulnerability in the victims spreadsheet software of choice. 2. Control data that would potentially be exported through the `ImportExportController` by a theoretical victim. 3. Convince the victim to export above data as a CSV and run it in vulnerable spreadsheet software while also bypassing any sanity checks by said software. Issue has been patched in Build 466 (v1.0.466). | |||||