Total: 3873 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-1734 | 1 Redhat | 2 Ansible Engine, Ansible Tower | 2024-11-21 | 3.7 LOW | 7.4 HIGH |
A flaw was found in the pipe lookup plugin of Ansible. When the pipe lookup plugin uses subprocess.Popen() with shell=True and the variable is not escaped by the quote plugin, arbitrary commands can be run by overwriting Ansible facts. An attacker could take advantage of this and run arbitrary commands by overwriting the Ansible facts. | |||||
CVE-2020-1609 | 1 Juniper | 1 Junos | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
When a device using Juniper Networks' Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved is configured in relay mode, it is vulnerable to an attacker sending crafted IPv6 packets, who may then arbitrarily execute commands as root on the target device. This issue affects IPv6 JDHCPD services. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2*; and all versions prior to 19.3R1 on Junos OS Evolved. This issue does not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode. | |||||
CVE-2020-1605 | 1 Juniper | 1 Junos | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
When a device using Juniper Networks' Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved is configured in relay mode, it is vulnerable to an attacker sending crafted IPv4 packets, who may then arbitrarily execute commands as root on the target device. This issue affects IPv4 JDHCPD services. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2*; and all versions prior to 19.3R1 on Junos OS Evolved. This issue does not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode. | |||||
CVE-2020-1602 | 1 Juniper | 1 Junos | 2024-11-21 | 8.3 HIGH | 7.1 HIGH |
When a device using Juniper Networks' Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved is configured in relay mode, it is vulnerable to an attacker sending crafted IPv4 packets, who may remotely take over the code execution of the JDHCPD process. This issue affects IPv4 JDHCPD services. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2*; and all versions prior to 19.3R1 on Junos OS Evolved. This issue does not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode. | |||||
CVE-2020-19907 | 1 Mitre | 1 Caldera | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows authenticated attackers to execute any command or service. | |||||
CVE-2020-19664 | 1 Draytek | 2 Vigor2960, Vigor2960 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi. | |||||
CVE-2020-19527 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
iCMS 7.0.14 allows attackers to execute arbitrary OS commands via shell metacharacters in the DB_NAME parameter to install/install.php. | |||||
CVE-2020-19316 | 2 Laravel, Microsoft | 2 Framework, Windows | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17. | |||||
CVE-2020-19142 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
iCMS 7 allows attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php. | |||||
CVE-2020-18568 | 1 Dlink | 4 Dsr-1000n, Dsr-1000n Firmware, Dsr-250 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The D-Link DSR-250 (3.14) and DSR-1000N (2.11B201) UPnP service contains a command injection vulnerability, which can cause remote command execution. | |||||
CVE-2020-17505 | 1 Articatech | 1 Web Proxy | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform. | |||||
CVE-2020-17456 | 1 Seowonintech | 10 Slc-130, Slc-130 Firmware, Slr-120d42g and 7 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SEOWON INTECH SLC-130 and SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page. | |||||
CVE-2020-17406 | 1 Microhardcorp | 2 Bullet-lte, Bullet-lte Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the ping parameter provided to tools.sh. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10595. | |||||
CVE-2020-17384 | 1 Cellopoint | 1 Cellos | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
Cellopoint Cellos v4.1.10 Build 20190922 does not properly validate URL input. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary commands to manipulate the system. | |||||
CVE-2020-17368 | 4 Debian, Fedoraproject, Firejail Project and 1 more | 4 Debian Linux, Fedora, Firejail and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection. | |||||
CVE-2020-17363 | 1 Usvn | 1 Usvn | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module. NOTE: this may overlap CVE-2020-25069. | |||||
CVE-2020-17352 | 1 Sophos | 1 Xg Firewall Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code. | |||||
CVE-2020-17010 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
Win32k Elevation of Privilege Vulnerability | |||||
CVE-2020-16846 | 3 Debian, Fedoraproject, Saltstack | 3 Debian Linux, Fedora, Salt | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection. | |||||
CVE-2020-16282 | 1 Rangee | 1 Rangeeos | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
In the default configuration of Rangee GmbH RangeeOS 8.0.4, all components are executed in the context of the privileged root user. This may allow a local attacker to break out of the restricted environment or inject malicious code into the application and fully compromise the operating system. |