Total
3666 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7786 | 1 Macfromip Project | 1 Macfromip | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| This affects all versions of package macfromip. The injection point is located in line 66 in macfromip.js. | |||||
| CVE-2020-36246 | 1 Amaze File Manager Project | 1 Amaze File Manager | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| Amaze File Manager before 3.5.1 allows attackers to obtain root privileges via shell metacharacters in a symbolic link. | |||||
| CVE-2020-25757 | 1 Dlink | 20 Dsr-1000, Dsr-1000 Firmware, Dsr-1000ac and 17 more | 2024-02-28 | 8.3 HIGH | 8.8 HIGH |
| A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17. | |||||
| CVE-2021-0218 | 1 Juniper | 1 Junos | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| A command injection vulnerability in the license-check daemon of Juniper Networks Junos OS that may allow a locally authenticated attacker with low privileges to execute commands with root privilege. license-check is a daemon used to manage licenses in Junos OS. To update licenses, a user executes the command 'request system license update' via the CLI. An attacker with access to this CLI command may be able to exploit the vulnerability. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S6; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S2, 20.2R2. | |||||
| CVE-2020-27298 | 1 Philips | 5 Coronary Tools, Dynamic Coronary Roadmap, Interventional Workspot and 2 more | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM |
| Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component. | |||||
| CVE-2020-27575 | 1 Maxum | 1 Rumpus | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form contains a parameter vulnerable to command injection due to insufficient validation. | |||||
| CVE-2020-12522 | 1 Wago | 42 750-8101\/025-000, 750-8102\/025-000, 750-8202\/000-012 and 39 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10. | |||||
| CVE-2021-20648 | 1 Elecom | 2 Wrc-300febk-s, Wrc-300febk-s Firmware | 2024-02-28 | 7.7 HIGH | 6.8 MEDIUM |
| ELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2020-26085 | 1 Cisco | 1 Jabber | 2024-02-28 | 9.0 HIGH | 9.9 CRITICAL |
| Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-23330 | 1 Bitovi | 1 Launchpad | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package launchpad are vulnerable to Command Injection via stop. | |||||
| CVE-2020-10209 | 1 Amino | 12 Ak45x, Ak45x Firmware, Ak5xx and 9 more | 2024-02-28 | 9.3 HIGH | 8.1 HIGH |
| Command Injection in the CPE WAN Management Protocol (CWMP) registration in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows man-in-the-middle attackers to execute arbitrary commands with root level privileges. | |||||
| CVE-2020-12109 | 1 Tp-link | 14 Nc200, Nc200 Firmware, Nc210 and 11 more | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304. | |||||
| CVE-2020-8188 | 1 Ui | 4 Unifi Cloud Key Plus, Unifi Dream Machine Pro, Unifi Protect and 1 more | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| We have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively that fixes vulnerabilities found on Protect firmware v1.13.2, v1.14.9 and prior according to the description below:View only users can run certain custom commands which allows them to assign themselves unauthorized roles and escalate their privileges. | |||||
| CVE-2020-4241 | 1 Ibm | 2 Spectrum Protect Plus, Spectrum Scale | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175418. | |||||
| CVE-2020-7605 | 1 Gulp-tape Project | 1 Gulp-tape | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| gulp-tape through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of 'gulp-tape' options. | |||||
| CVE-2018-21154 | 1 Netgear | 10 D7800, D7800 Firmware, Dm200 and 7 more | 2024-02-28 | 5.2 MEDIUM | 6.8 MEDIUM |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, and R7800 before 1.0.2.42. | |||||
| CVE-2020-15613 | 1 Control-webpanel | 1 Webpanel | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_admin_apis.php. When parsing the line parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9739. | |||||
| CVE-2019-15311 | 1 Linkplay | 1 Linkplay | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remote code execution. The Zolo Halo Bluetooth speaker had a GoAhead web server listening on the port 80. The /httpapi.asp endpoint of the GoAhead web server was also vulnerable to multiple command execution vulnerabilities. | |||||
| CVE-2020-2200 | 1 Jenkins | 1 Play Framework | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the `play` command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master. | |||||
| CVE-2018-21106 | 1 Netgear | 2 R7800, R7800 Firmware | 2024-02-28 | 5.2 MEDIUM | 6.8 MEDIUM |
| NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | |||||