Total
3666 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19148 | 1 Tellabs | 2 Optical Line Terminal 1150, Optical Line Terminal 1150 Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| Tellabs Optical Line Terminal (OLT) 1150 devices allow Remote Command Execution via the -l option to TELNET or SSH. Tellabs has addressed this issue in the SR30.1 and SR31.1 release on February 18, 2020. | |||||
| CVE-2020-8816 | 1 Pi-hole | 1 Pi-hole | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
| Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease. | |||||
| CVE-2020-15362 | 1 Thingssdk | 1 Wifiscanner | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection because it can be used with options to overwrite the default executable/binary path and its arguments. An attacker can abuse this functionality to execute arbitrary code. | |||||
| CVE-2020-3332 | 1 Cisco | 8 Rv110w Wireless-n Vpn Firewall, Rv110w Wireless-n Vpn Firewall Firmware, Rv130 Vpn Router and 5 more | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker to inject arbitrary shell commands that are executed by an affected device. The vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary shell commands or scripts with root privileges on the affected device. | |||||
| CVE-2020-5282 | 1 Nick Chan Bot Project | 1 Nick Chan Bot | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in the `npm` command which is part of this software package. This allows arbitrary shell execution,which can compromise the bot This is patched in version 1.0.0-beta | |||||
| CVE-2020-15421 | 1 Control-webpanel | 1 Webpanel | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the check_ip parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9707. | |||||
| CVE-2020-14162 | 1 Pi-hole | 1 Pi-hole | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in Pi-Hole through 5.0. The local www-data user has sudo privileges to execute the pihole core script as root without a password, which could allow an attacker to obtain root access via shell metacharacters to this script's setdns command. | |||||
| CVE-2020-3211 | 1 Cisco | 1 Ios Xe | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device. The vulnerability is due to improper input sanitization. An attacker who has valid administrative access to an affected device could exploit this vulnerability by supplying a crafted input parameter on a form in the web UI and then submitting that form. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device, which could lead to complete system compromise. | |||||
| CVE-2020-14412 | 1 Nedi | 1 Nedi | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a psw parameter. (This can also be exploited via CSRF.) | |||||
| CVE-2020-15489 | 1 Wavlink | 2 Wl-wn530hg4, Wl-wn530hg4 Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple shell metacharacter injection vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges. | |||||
| CVE-2020-15121 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-02-28 | 6.8 MEDIUM | 9.6 CRITICAL |
| In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current directory. | |||||
| CVE-2020-7621 | 1 Ibm | 1 Strongloop Nginx Controller | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary command as part of the '_nginxCmd()' function. | |||||
| CVE-2016-11054 | 1 Netgear | 2 Dgn2200, Dgn2200 Firmware | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| NETGEAR DGN2200v4 devices before 2017-01-06 are affected by command execution and an FTP insecure root directory. | |||||
| CVE-2020-3212 | 1 Cisco | 1 Ios Xe | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device. The vulnerability is due to improper input sanitization. An attacker could exploit this vulnerability by uploading a crafted file to the web UI of an affected device. A successful exploit could allow the attacker to inject and execute arbitrary commands with root privileges on the device. | |||||
| CVE-2020-15123 | 1 Codecov | 1 Codecov | 2024-02-28 | 6.8 MEDIUM | 9.3 CRITICAL |
| In codecov (npm package) before version 3.7.1 the upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE (CVE-2020-7597 for GHSA-5q88-cjfq-g2mh) was issued but the fix was incomplete. It only blocked &, and command injection is still possible using backticks instead to bypass the sanitizer. The attack surface is low in this case. Particularly in the standard use of codecov, where the module is used directly in a build pipeline, not built against as a library in another application that may supply malicious input and perform command injection. | |||||
| CVE-2020-13388 | 1 Python | 1 Jw.util | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used. | |||||
| CVE-2020-13404 | 1 Quadra-informatique | 1 Atos\/sips | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| The ATOS/Sips (aka Atos-Magento) community module 3.0.0 to 3.0.5 for Magento allows command injection. | |||||
| CVE-2020-7625 | 1 Op-browser Project | 1 Op-browser | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| op-browser through 1.0.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function. | |||||
| CVE-2020-2030 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; and all versions of PAN-OS 7.1 and PAN-OS 8.0. This issue does not impact PAN-OS 9.0, PAN-OS 9.1, or Prisma Access services. | |||||
| CVE-2018-21164 | 1 Netgear | 4 R6220, R6220 Firmware, Wndr3700 and 1 more | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6220 before 1.1.0.64 and WNDR3700v5 before 1.1.0.54. | |||||