Total
3666 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-12246 | 1 Beeline | 2 Smart Box, Smart Box Firmware | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other > Diagnostics" OS command injection via the Ping ping_ipaddr parameter, the Nslookup nslookup_ipaddr parameter, or the Traceroute traceroute_ipaddr parameter. | |||||
CVE-2020-7730 | 1 Bestzip Project | 1 Bestzip | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The package bestzip before 2.1.7 is vulnerable to Command Injection via the options param. | |||||
CVE-2020-3430 | 1 Cisco | 1 Jabber | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
A vulnerability in the application protocol handling features of Cisco Jabber for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper handling of input to the application protocol handlers. An attacker could exploit this vulnerability by convincing a user to click a link within a message sent by email or other messaging platform. A successful exploit could allow the attacker to execute arbitrary commands on a targeted system with the privileges of the user account that is running the Cisco Jabber client software. | |||||
CVE-2020-14072 | 1 Mk-auth | 1 Mk-auth | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in MK-AUTH 19.01. It allows command execution as root via shell metacharacters to /auth admin scripts. | |||||
CVE-2020-24032 | 1 Xorux | 2 Lpar2rrd, Stor2rrd | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set&tz= OS command injection via shell metacharacters in a timezone. | |||||
CVE-2020-15615 | 1 Control-webpanel | 1 Webpanel | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_ftp_manager.php. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9746. | |||||
CVE-2019-12123 | 1 Onap | 1 Open Network Automation Platform | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsXml with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected. | |||||
CVE-2020-7712 | 2 Joyent, Oracle | 5 Json, Commerce Guided Search, Financial Services Crime And Compliance Management Studio and 2 more | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
This affects the package json before 10.0.0. It is possible to inject arbitrary commands using the parseLookup function. | |||||
CVE-2020-2037 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3. | |||||
CVE-2020-17456 | 1 Seowonintech | 10 Slc-130, Slc-130 Firmware, Slr-120d42g and 7 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
SEOWON INTECH SLC-130 and SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page. | |||||
CVE-2020-16205 | 1 Geutebrueck | 22 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 19 more | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5). | |||||
CVE-2020-15642 | 1 Marvell | 1 Qconvergeconsole | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the isHPSmartComponent method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10501. | |||||
CVE-2020-4512 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
IBM QRadar SIEM 7.3 and 7.4 could allow a remote privileged user to execute commands. | |||||
CVE-2020-3266 | 1 Cisco | 12 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 9 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
A vulnerability in the CLI of Cisco SD-WAN Solution software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges. | |||||
CVE-2020-24354 | 1 Zyxel | 2 Vmg5313-b30b, Vmg5313-b30b Firmware | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware, are affected by shell injection. | |||||
CVE-2020-7614 | 1 Npm-programmatic Project | 1 Npm-programmatic | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
npm-programmatic through 0.0.12 is vulnerable to Command Injection. The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly. | |||||
CVE-2020-15433 | 1 Control-webpanel | 1 Webpanel | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the phpversion parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9715. | |||||
CVE-2020-5868 | 1 F5 | 1 Big-iq Centralized Management | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discovered that may allow a remote user to execute shell commands on affected systems using HTTP requests to the BIG-IQ user interface. | |||||
CVE-2020-7628 | 2 Install-package Project, Umount Project | 2 Install-package, Umount | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
umount through 1.1.6 is vulnerable to Command Injection. The argument device can be controlled by users without any sanitization. | |||||
CVE-2020-2029 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
An OS Command Injection vulnerability in the PAN-OS web management interface allows authenticated administrators to execute arbitrary OS commands with root privileges by sending a malicious request to generate new certificates for use in the PAN-OS configuration. This issue affects: All versions of PAN-OS 8.0; PAN-OS 7.1 versions earlier than PAN-OS 7.1.26; PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. |