Total: 1813 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-35794 | 1 Netgear | 14 Rbk752, Rbk752 Firmware, Rbk852 and 11 more | 2024-11-21 | 5.2 MEDIUM | 8.4 HIGH |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBS40V before 2.6.1.4, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | |||||
CVE-2020-35793 | 1 Netgear | 10 D7800, D7800 Firmware, R7500 and 7 more | 2024-11-21 | 4.6 MEDIUM | 6.1 MEDIUM |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.58, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.5.2, and R9000 before 1.0.5.2. | |||||
CVE-2020-35792 | 1 Netgear | 8 R7500, R7500 Firmware, R7800 and 5 more | 2024-11-21 | 5.2 MEDIUM | 8.3 HIGH |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7500v2 before 1.0.3.48, R8900 before 1.0.5.2, R9000 before 1.0.5.2, and R7800 before 1.0.2.68. | |||||
CVE-2020-35791 | 1 Netgear | 6 R7800, R7800 Firmware, R8900 and 3 more | 2024-11-21 | 4.6 MEDIUM | 6.4 MEDIUM |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7800 before 1.0.2.68, R8900 before 1.0.5.2, and R9000 before 1.0.5.2. | |||||
CVE-2020-35790 | 1 Netgear | 8 D7800, D7800 Firmware, R7800 and 5 more | 2024-11-21 | 5.2 MEDIUM | 6.4 MEDIUM |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, R8900 before 1.0.4.26, and R9000 before 1.0.4.26. | |||||
CVE-2020-35777 | 1 Netgear | 2 Dgn2200v1, Dgn2200v1 Firmware | 2024-11-21 | 7.7 HIGH | 8.4 HIGH |
NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by command injection. | |||||
CVE-2020-2509 | 1 Qnap | 2 Qts, Quts Hero | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later; QTS 4.5.1.1495 Build 20201123 and later; QTS 4.3.6.1620 Build 20210322 and later; QTS 4.3.4.1632 Build 20210324 and later; QTS 4.3.3.1624 Build 20210416 and later; QTS 4.2.6 Build 20210327 and later; QuTS hero h4.5.1.1491 build 20201119 and later. | |||||
CVE-2020-2508 | 1 Qnap | 2 Qts, Quts Hero | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later); QuTS hero h4.5.1.1472 build 20201031 (and later). | |||||
CVE-2020-2492 | 1 Qnap | 1 Qts | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907. | |||||
CVE-2020-2490 | 1 Qnap | 1 Qts | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907. | |||||
CVE-2020-29548 | 1 Smartertools | 1 Smartermail | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
An issue was discovered in SmarterTools SmarterMail through 100.0.7537. Meddler-in-the-middle attackers can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted user session. | |||||
CVE-2020-29547 | 1 Citadel | 1 Webcit | 2024-11-21 | N/A | 5.9 MEDIUM |
An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure. | |||||
CVE-2020-29299 | 1 Zyxel | 7 Atp, Nsg, Nsg Firmware and 4 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG before ZLD V4.39 week38, USG FLEX before ZLD V4.55 week38, ATP before ZLD V4.55 week38, and NSG before 1.33 patch 4. | |||||
CVE-2020-28908 | 1 Nagios | 1 Fusion | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios. | |||||
CVE-2020-28902 | 1 Nagios | 1 Fusion | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php. | |||||
CVE-2020-28901 | 1 Nagios | 1 Fusion | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component installation in cmd_subsys.php. | |||||
CVE-2020-28453 | 1 Npos-tesseract Project | 1 Npos-tesseract | 2024-11-21 | N/A | 9.4 CRITICAL |
This affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js. | |||||
CVE-2020-28451 | 1 Image-tiler Project | 1 Image-tiler | 2024-11-21 | N/A | 9.8 CRITICAL |
This affects the package image-tiler before 2.0.2. | |||||
CVE-2020-28447 | 1 Xopen Project | 1 Xopen | 2024-11-21 | N/A | 9.8 CRITICAL |
This affects all versions of package xopen. The injection point is located in line 14 in index.js in the exported function xopen(filepath). | |||||
CVE-2020-28446 | 1 Ntesseract Project | 1 Ntesseract | 2024-11-21 | N/A | 9.8 CRITICAL |
The package ntesseract before 0.2.9 is vulnerable to Command Injection via lib/tesseract.js. |