Total: 3873 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-36379 | 1 Aaptjs Project | 1 Aaptjs | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the remove function in shenzhim aaptjs 1.3.1 that allows attackers to execute arbitrary code via the filePath parameters. | |||||
CVE-2020-36378 | 1 Aaptjs Project | 1 Aaptjs | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the packageCmd function in shenzhim aaptjs 1.3.1 that allows attackers to execute arbitrary code via the filePath parameters. | |||||
CVE-2020-36377 | 1 Aaptjs Project | 1 Aaptjs | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the dump function in shenzhim aaptjs 1.3.1 that allows attackers to execute arbitrary code via the filePath parameters. | |||||
CVE-2020-36376 | 1 Aaptjs Project | 1 Aaptjs | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the list function in shenzhim aaptjs 1.3.1 that allows attackers to execute arbitrary code via the filePath parameters. | |||||
CVE-2020-36246 | 1 Amaze File Manager Project | 1 Amaze File Manager | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
Amaze File Manager before 3.5.1 allows attackers to obtain root privileges via shell metacharacters in a symbolic link. | |||||
CVE-2020-36243 | 1 Open-emr | 1 Openemr | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php. To exploit the vulnerability, an authenticated attacker can send a POST request that executes arbitrary OS commands via shell metacharacters. | |||||
CVE-2020-36199 | 1 Kaspersky | 1 Tinycheck | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient checks of input parameters in several places. | |||||
CVE-2020-36198 | 1 Qnap | 1 Malware Remover | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
A command injection vulnerability has been reported to affect certain versions of Malware Remover. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Malware Remover versions prior to 4.6.1.0. This issue does not affect: QNAP Systems Inc. Malware Remover 3.x. | |||||
CVE-2020-36178 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables). NOTE: oal_ipt_addBridgeIsolationRules is not the only function that calls util_execSystem. | |||||
CVE-2020-35851 | 1 Hgiga | 2 Msr45 Isherlock-user, Ssr45 Isherlock-user | 2024-11-21 | 10.0 HIGH | 8.1 HIGH |
HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch command injection attacks remotely and execute arbitrary commands on the system. | |||||
CVE-2020-35789 | 1 Netgear | 2 Nms300, Nms300 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an authenticated user. | |||||
CVE-2020-35729 | 1 Klogserver | 1 Klog Server | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter. | |||||
CVE-2020-35715 | 1 Linksys | 2 Re6500, Re6500 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote authenticated users to execute arbitrary commands via shell metacharacters in a filename to the upload_settings.cgi page. | |||||
CVE-2020-35714 | 1 Linksys | 2 Re6500, Re6500 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Belkin LINKSYS RE6500 devices before 1.0.11.001 allow remote authenticated users to execute arbitrary commands via goform/systemCommand?command= in conjunction with the goform/pingstart program. | |||||
CVE-2020-35713 | 1 Linksys | 2 Re6500, Re6500 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page. | |||||
CVE-2020-35665 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation. | |||||
CVE-2020-35606 | 1 Webmin | 1 Webmin | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840. | |||||
CVE-2020-35578 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature is mishandled during a plugin upload, a remote, authenticated admin user can execute operating-system commands. | |||||
CVE-2020-35576 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577. | |||||
CVE-2020-35476 | 1 Opentsdb | 1 Opentsdb | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. (tsd/GraphHandler.java attempted to prevent command injections by blocking backticks but this is insufficient.) |