Total
2534 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-25626 | 3 Debian, Encode, Redhat | 4 Debian Linux, Django Rest Framework, Ansible Tower and 1 more | 2024-11-21 | 6.1 Medium |
| A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability. | ||||
| CVE-2020-25217 | 1 Grandstream | 14 Grp2612, Grp2612 Firmware, Grp2612p and 11 more | 2024-11-21 | 7.2 High |
| Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface. | ||||
| CVE-2020-25079 | 1 Dlink | 4 Dcs-2530l, Dcs-2530l Firmware, Dcs-2670l and 1 more | 2024-11-21 | 8.8 High |
| An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddns_enc.cgi allows authenticated command injection. | ||||
| CVE-2020-25067 | 1 Netgear | 2 R8300, R8300 Firmware | 2024-11-21 | 9.6 Critical |
| NETGEAR R8300 devices before 1.0.2.134 are affected by command injection by an unauthenticated attacker. | ||||
| CVE-2020-24634 | 1 Arubanetworks | 15 7005, 7008, 7010 and 12 more | 2024-11-21 | 9.8 Critical |
| An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below. | ||||
| CVE-2020-24561 | 1 Trendmicro | 1 Serverprotect | 2024-11-21 | 9.1 Critical |
| A command injection vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow an attacker to execute arbitrary code on an affected system. An attacker must first obtain admin/root privileges on the SPLX console to exploit this vulnerability. | ||||
| CVE-2020-23639 | 1 Moxa | 2 Vport 461, Vport 461 Firmware | 2024-11-21 | 9.8 Critical |
| A command injection vulnerability exists in Moxa Inc VPort 461 Series Firmware Version 3.4 or lower that could allow a remote attacker to execute arbitrary commands in Moxa's VPort 461 Series Industrial Video Servers. | ||||
| CVE-2020-22570 | 1 Memcached | 1 Memcached | 2024-11-21 | 7.5 High |
| Memcached 1.6.0 before 1.6.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted meta command. | ||||
| CVE-2020-21785 | 1 Ibos | 1 Ibos | 2024-11-21 | 8.8 High |
| In IBOS 4.5.4 Open, the database backup has Command Injection Vulnerability. | ||||
| CVE-2020-20951 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 9.8 Critical |
| In Pluck-4.7.10-dev2 admin background, a remote command execution vulnerability exists when uploading files. | ||||
| CVE-2020-1980 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 7.8 High |
| A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions. This issue is fixed in PAN-OS 8.1.13, and all later versions. | ||||
| CVE-2020-1811 | 1 Huawei | 1 Gaussdb 200 | 2024-11-21 | 8.8 High |
| GaussDB 200 with version of 6.5.1 have a command injection vulnerability. Due to insufficient input validation, remote attackers with low permissions could exploit this vulnerability by sending crafted commands to the affected device. Successful exploit could allow an attacker to execute commands. | ||||
| CVE-2020-1790 | 1 Huawei | 1 Gaussdb 200 | 2024-11-21 | 8.8 High |
| GaussDB 200 with version of 6.5.1 have a command injection vulnerability. The software constructs part of a command using external input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands. | ||||
| CVE-2020-19151 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 8.8 High |
| Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal_cms/admin/filemanager/list'. | ||||
| CVE-2020-19001 | 1 Simiki Project | 1 Simiki | 2024-11-21 | 9.8 Critical |
| Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary system commands via line 64 of the component 'simiki/blob/master/simiki/config.py'. | ||||
| CVE-2020-18885 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | 7.2 High |
| Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/web_config.php'. | ||||
| CVE-2020-18758 | 1 Dcce | 2 Mac1100 Plc, Mac1100 Plc Firmware | 2024-11-21 | 9.8 Critical |
| An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to execute arbitrary code. | ||||
| CVE-2020-18048 | 1 Bertanddip | 1 Craigms | 2024-11-21 | 9.8 Critical |
| An issue in craigms/main.php of CraigMS 1.0 allows attackers to execute arbitrary commands via a crafted input entered into the DB Name field. | ||||
| CVE-2020-17759 | 2 Evernote, Microsoft | 4 Evernote, Windows 10, Windows 7 and 1 more | 2024-11-21 | 8.8 High |
| An issue was found in the Evernote client for Windows 10, 7, and 2008 in the protocol handler. This enables attackers for arbitrary command execution if the user clicks on a specially crafted URL. AKA: WINNOTE-19941. | ||||
| CVE-2020-17504 | 1 Barco | 5 Transform N, Transform Ndn-210 Lite, Transform Ndn-210 Pro and 2 more | 2024-11-21 | 7.2 High |
| The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in ngpsystemcmd.php in which the http parameters "x_modules" and "y_modules" are not properly handled. The NDN-210 is part of Barco TransForm N solution and this vulnerability is patched from TransForm N version 3.8 onwards. | ||||