Total
3677 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8274 | 1 Citrix | 1 Secure Mail | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Citrix Secure Mail for Android before 20.11.0 suffers from Improper Control of Generation of Code ('Code Injection') by allowing unauthenticated access to read data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute arbitrary code on the Android device. | |||||
| CVE-2020-8243 | 2 Ivanti, Pulsesecure | 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution. | |||||
| CVE-2020-8224 | 1 Nextcloud | 1 Desktop | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory. | |||||
| CVE-2020-8218 | 2 Ivanti, Pulsesecure | 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface. | |||||
| CVE-2020-8194 | 1 Citrix | 11 4000-wo, 4100-wo, 5000-wo and 8 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download. | |||||
| CVE-2020-8180 | 1 Nextcloud | 1 Talk | 2024-11-21 | 6.5 MEDIUM | 9.9 CRITICAL |
| A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a code injection when a not correctly sanitized talk command was added by an administrator. | |||||
| CVE-2020-8163 | 2 Debian, Rubyonrails | 2 Debian Linux, Rails | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE. | |||||
| CVE-2020-8149 | 1 Logkitty Project | 1 Logkitty | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Lack of output sanitization allowed an attack to execute arbitrary shell commands via the logkitty npm package before version 0.7.1. | |||||
| CVE-2020-8141 | 1 Dot Project | 1 Dot | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The dot package v1.1.2 uses Function() to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype. | |||||
| CVE-2020-8140 | 2 Apple, Nextcloud | 2 Macos, Desktop | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment. | |||||
| CVE-2020-8137 | 1 Blamer Project | 1 Blamer | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker. | |||||
| CVE-2020-8129 | 1 Script-manager Project | 1 Script-manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An unintended require vulnerability in script-manager npm package version 0.8.6 and earlier may allow attackers to execute arbitrary code. | |||||
| CVE-2020-7745 | 1 Mintegral | 1 Mintegraladsdk | 2024-11-21 | 10.0 HIGH | 7.1 HIGH |
| This affects the package MintegralAdSDK before 6.6.0.0. The SDK distributed by the company contains malicious functionality that acts as a backdoor. Mintegral and their partners (advertisers) can remotely execute arbitrary code on a user device. | |||||
| CVE-2020-7710 | 1 Safe-eval Project | 1 Safe-eval | 2024-11-21 | 7.5 HIGH | 8.1 HIGH |
| This affects all versions of package safe-eval. It is possible for an attacker to run an arbitrary command on the host machine. | |||||
| CVE-2020-7694 | 1 Encode | 1 Uvicorn | 2024-11-21 | 5.0 MEDIUM | 3.7 LOW |
| This affects all versions of package uvicorn. The request logger provided by the package is vulnerable to ASNI escape sequence injection. Whenever any HTTP request is received, the default behaviour of uvicorn is to log its details to either the console or a log file. When attackers request crafted URLs with percent-encoded escape sequences, the logging component will log the URL after it's been processed with urllib.parse.unquote, therefore converting any percent-encoded characters into their single-character equivalent, which can have special meaning in terminal emulators. By requesting URLs with crafted paths, attackers can: * Pollute uvicorn's access logs, therefore jeopardising the integrity of such files. * Use ANSI sequence codes to attempt to interact with the terminal emulator that's displaying the logs (either in real time or from a file). | |||||
| CVE-2020-7675 | 1 Cd-messenger Project | 1 Cd-messenger | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. User input provided to the `color` argument executed by the `eval` function resulting in code execution. | |||||
| CVE-2020-7674 | 1 Access-policy Project | 1 Access-policy | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. User input provided to the `template` function is executed by the `eval` function resulting in code execution. | |||||
| CVE-2020-7673 | 1 Node-extend Project | 1 Node-extend | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument `A` of `extend` function`(A,B,as,isAargs)` located within `lib/extend.js` is executed by the `eval` function, resulting in code execution. | |||||
| CVE-2020-7672 | 1 Mosc Project | 1 Mosc | 2024-11-21 | 7.5 HIGH | 8.6 HIGH |
| mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User input provided to `properties` argument is executed by the `eval` function, resulting in code execution. | |||||
| CVE-2020-7609 | 1 Node-rules Project | 1 Node-rules | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. The argument rules of function "fromJSON()" can be controlled by users without any sanitization. | |||||