Total
3873 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-5535 | 1 Plathome | 2 Openblocks Iot Vx2, Openblocks Iot Vx2 Firmware | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors. | |||||
CVE-2020-5534 | 1 Nec | 2 Aterm Wg2600hs, Aterm Wg2600hs Firmware | 2024-11-21 | 7.7 HIGH | 8.0 HIGH |
Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors. | |||||
CVE-2020-5525 | 1 Nec | 6 Aterm Wf1200c, Aterm Wf1200c Firmware, Aterm Wg1200cr and 3 more | 2024-11-21 | 7.7 HIGH | 8.0 HIGH |
Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen. | |||||
CVE-2020-5524 | 1 Nec | 6 Aterm Wf1200c, Aterm Wf1200c Firmware, Aterm Wg1200cr and 3 more | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function. | |||||
CVE-2020-5505 | 1 Vaaip | 1 Freelancy | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Freelancy v1.0.0 allows remote command execution via the "file":"data:application/x-php;base64 substring (in conjunction with "type":"application/x-php"} to the /api/files/ URI. | |||||
CVE-2020-5352 | 1 Dell | 1 Emc Data Protection Advisor | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS command injection vulnerability. A remote authenticated malicious user may exploit this vulnerability to execute arbitrary commands on the affected system. | |||||
CVE-2020-5350 | 1 Dell | 1 Emc Integrated Data Protection Appliance | 2024-11-21 | 9.0 HIGH | 7.9 HIGH |
Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component. | |||||
CVE-2020-5332 | 1 Rsa | 1 Archer | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a command injection vulnerability. An authenticated malicious user with administrator privileges could potentially exploit this vulnerability to execute arbitrary commands on the system where the vulnerable application is deployed. | |||||
CVE-2020-5322 | 1 Dell | 1 Emc Openmanage Enterprise-modular | 2024-11-21 | 9.0 HIGH | 9.1 CRITICAL |
Dell EMC OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain a command injection vulnerability. A remote authenticated malicious user with high privileges could potentially exploit the vulnerability to execute arbitrary shell commands on the affected system. | |||||
CVE-2020-5282 | 1 Nick Chan Bot Project | 1 Nick Chan Bot | 2024-11-21 | 7.5 HIGH | 7.2 HIGH |
In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in the `npm` command which is part of this software package. This allows arbitrary shell execution, which can compromise the bot. This is patched in version 1.0.0-beta. | |||||
CVE-2020-5179 | 1 Comtechtel | 2 Stampede Fx-1010, Stampede Fx-1010 Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Diagnostics Ping page and entering shell metacharacters in the Target IP address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.) | |||||
CVE-2020-5146 | 1 Sonicwall | 2 Sma 100, Sma 100 Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
A vulnerability in SonicWall SMA100 appliance allows an authenticated management-user to perform OS command injection using HTTP POST parameters. This vulnerability affected SMA100 Appliance version 10.2.0.2-20sv and earlier. | |||||
CVE-2020-4512 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
IBM QRadar SIEM 7.3 and 7.4 could allow a remote privileged user to execute commands. | |||||
CVE-2020-4469 | 1 Ibm | 1 Spectrum Protect Plus | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary commands on the system. This vulnerability is due to an incomplete fix for CVE-2020-4211. IBM X-Force ID: 181724. | |||||
CVE-2020-4428 | 1 Ibm | 1 Data Risk Manager | 2024-11-21 | 9.0 HIGH | 9.1 CRITICAL |
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533. | |||||
CVE-2020-4242 | 1 Ibm | 2 Spectrum Protect Plus, Spectrum Scale | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175419. | |||||
CVE-2020-4241 | 1 Ibm | 2 Spectrum Protect Plus, Spectrum Scale | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175418. | |||||
CVE-2020-4222 | 1 Ibm | 1 Spectrum Protect | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175091. | |||||
CVE-2020-4213 | 1 Ibm | 1 Spectrum Protect | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175024. | |||||
CVE-2020-4211 | 2 Ibm, Linux | 2 Spectrum Protect, Linux Kernel | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175022. |