Total: 1813 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-28445 | 1 Npm-help Project | 1 Npm-help | 2024-11-21 | N/A | 9.8 CRITICAL |
This affects all versions of package npm-help. The injection point is located in line 13 in index.js file in export.latestVersion() function. | |||||
CVE-2020-28443 | 1 Sonar-wrapper Project | 1 Sonar-wrapper | 2024-11-21 | N/A | 9.8 CRITICAL |
This affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js. | |||||
CVE-2020-28438 | 1 Deferred-exec Project | 1 Deferred-exec | 2024-11-21 | N/A | 9.8 CRITICAL |
This affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js. | |||||
CVE-2020-28437 | 1 Heroku-env Project | 1 Heroku-env | 2024-11-21 | N/A | 9.4 CRITICAL |
This affects all versions of package heroku-env. The injection point is located in lib/get.js which is required by index.js. | |||||
CVE-2020-28436 | 1 Google-cloudstorage-commands Project | 1 Google-cloudstorage-commands | 2024-11-21 | N/A | 7.3 HIGH |
This affects all versions of package google-cloudstorage-commands. | |||||
CVE-2020-28435 | 1 Ffmpeg-sdk Project | 1 Ffmpeg-sdk | 2024-11-21 | N/A | 9.4 CRITICAL |
This affects all versions of package ffmpeg-sdk. The injection point is located in line 9 in index.js. | |||||
CVE-2020-28434 | 1 Gitblame Project | 1 Gitblame | 2024-11-21 | N/A | 9.4 CRITICAL |
This affects all versions of package gitblame. The injection point is located in line 15 in lib/gitblame.js. | |||||
CVE-2020-28433 | 1 Node-latex-pdf Project | 1 Node-latex-pdf | 2024-11-21 | N/A | 7.3 HIGH |
This affects all versions of package node-latex-pdf. | |||||
CVE-2020-28425 | 1 Curljs Project | 1 Curljs | 2024-11-21 | N/A | 7.3 HIGH |
This affects all versions of package curljs. | |||||
CVE-2020-28423 | 1 Monorepo-build Project | 1 Monorepo-build | 2024-11-21 | N/A | 9.8 CRITICAL |
This affects all versions of package monorepo-build. | |||||
CVE-2020-28422 | 1 Git-archive Project | 1 Git-archive | 2024-11-21 | N/A | 6.4 MEDIUM |
All versions of package git-archive are vulnerable to Command Injection via the exports function. | |||||
CVE-2020-28243 | 3 Debian, Fedoraproject, Saltstack | 3 Debian Linux, Fedora, Salt | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create files on the minion in a non-blacklisted directory. | |||||
CVE-2020-27867 | 1 Netgear | 38 Ac2100, Ac2100 Firmware, Ac2400 and 35 more | 2024-11-21 | 7.7 HIGH | 6.8 MEDIUM |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. When parsing the funjsq_access_token parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11653. | |||||
CVE-2020-27864 | 1 Dlink | 2 Dap-1860, Dap-1860 Firmware | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default. When parsing the Authorization request header, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-10880. | |||||
CVE-2020-27862 | 1 Dlink | 4 Dsl-2888a, Dsl-2888a Firmware, Dva-2800 and 1 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DVA-2800 and DSL-2888A routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dhttpd service, which listens on TCP port 8008 by default. When parsing the path parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-10911. | |||||
CVE-2020-26929 | 1 Netgear | 4 R6220, R6220 Firmware, R6230 and 1 more | 2024-11-21 | 5.2 MEDIUM | 7.3 HIGH |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6220 before 1.1.0.100 and R6230 before 1.1.0.100. | |||||
CVE-2020-26922 | 1 Netgear | 8 Wc7500, Wc7500 Firmware, Wc7600 and 5 more | 2024-11-21 | 4.6 MEDIUM | 6.4 MEDIUM |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24. | |||||
CVE-2020-26920 | 1 Netgear | 6 Srk60, Srk60 Firmware, Srr60 and 3 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects SRK60 before 2.5.3.110, SRR60 before 2.5.3.110, and SRS60 before 2.5.3.110. | |||||
CVE-2020-26914 | 1 Netgear | 28 D6200, D6200 Firmware, D7000 and 25 more | 2024-11-21 | 5.2 MEDIUM | 6.7 MEDIUM |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62. | |||||
CVE-2020-26910 | 1 Netgear | 14 Cbr40, Cbr40 Firmware, Rbk752 and 11 more | 2024-11-21 | 5.2 MEDIUM | 8.4 HIGH |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. |