Total
2452 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8797 | 1 Juplink | 2 Rx4-1500, Rx4-1500 Firmware | 2021-07-21 | 6.9 MEDIUM | 6.7 MEDIUM |
| Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an unsanitized exec call (aka Command Line Injection), if the undocumented telnetd service is enabled and the attacker can authenticate as admin from the local network. | |||||
| CVE-2020-11699 | 1 Titanhq | 1 Spamtitan | 2021-07-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in Titan SpamTitan 7.07. Improper validation of the parameter fname on the page certs-x.php would allow an attacker to execute remote code on the target server. The user has to be authenticated before interacting with this page. | |||||
| CVE-2019-3702 | 1 Lifesize | 6 Icon 300, Icon 300 Firmware, Icon 500 and 3 more | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request. | |||||
| CVE-2020-16279 | 1 Rangee | 1 Rangeeos | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Kommbox component in Rangee GmbH RangeeOS 8.0.4 is vulnerable to Remote Code Execution due to untrusted user supplied input being passed to the command line without sanitization. | |||||
| CVE-2020-16257 | 1 Winstonprivacy | 2 Winston, Winston Firmware | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| Winston 1.5.4 devices are vulnerable to command injection via the API. | |||||
| CVE-2020-12393 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. | |||||
| CVE-2019-15490 | 1 It-novum | 1 Openitcockpit | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21. | |||||
| CVE-2020-25759 | 1 Dlink | 20 Dsr-1000, Dsr-1000 Firmware, Dsr-1000ac and 17 more | 2021-07-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests. | |||||
| CVE-2019-15311 | 1 Linkplay | 1 Linkplay | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remote code execution. The Zolo Halo Bluetooth speaker had a GoAhead web server listening on the port 80. The /httpapi.asp endpoint of the GoAhead web server was also vulnerable to multiple command execution vulnerabilities. | |||||
| CVE-2019-15310 | 1 Linkplay | 1 Linkplay | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code execution without user interaction. An attacker could retrieve the AWS key from the firmware and obtain full control over Linkplay's AWS estate, including S3 buckets containing device firmware. When combined with an OS command injection vulnerability within the XML Parsing logic of the firmware update process, an attacker would be able to gain code execution on any device that attempted to update. Note that by default all devices tested had automatic updates enabled. | |||||
| CVE-2020-10879 | 1 Rconfig | 1 Rconfig | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped. | |||||
| CVE-2020-11733 | 1 Spirent | 3 Avalanche, C100-mp, Testcenter | 2021-07-21 | 9.0 HIGH | 6.7 MEDIUM |
| An issue was discovered on Spirent TestCenter and Avalanche appliance admin interface firmware. An attacker, who already has access to an SSH restricted shell, can achieve root access via shell metacharacters. The attacker can then, for example, read sensitive files such as appliance admin configuration source code. This affects Spirent TestCenter and Avalanche products which chassis version <= 5.08. The SSH restricted shell is available with default credentials. | |||||
| CVE-2020-20184 | 1 Liftoffsoftware | 1 Gateone | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| GateOne allows remote attackers to execute arbitrary commands via shell metacharacters in the port field when attempting an SSH connection. | |||||
| CVE-2019-16730 | 2 Petwant, Skymee | 4 Pf-103, Pf-103 Firmware, Petalk Ai and 1 more | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| processCommandUpgrade() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | |||||
| CVE-2020-13167 | 1 Netsweeper | 1 Netsweeper | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters. | |||||
| CVE-2020-12242 | 1 Valvesoftware | 1 Source | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| Valve Source allows local users to gain privileges by writing to the /tmp/hl2_relaunch file, which is later executed in the context of a different user account. | |||||
| CVE-2019-14479 | 1 Adremsoft | 1 Netcrunch | 2021-07-21 | 9.0 HIGH | 8.8 HIGH |
| AdRem NetCrunch 10.6.0.4587 allows Remote Code Execution. In the NetCrunch web client, a read-only administrator can execute arbitrary code on the server running the NetCrunch server software. | |||||
| CVE-2019-14423 | 1 Eq-3 | 3 Ccu2, Ccu2 Firmware, Cux-daemon | 2021-07-21 | 9.0 HIGH | 8.8 HIGH |
| A Remote Code Execution (RCE) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to execute system commands as root remotely via a simple HTTP request. | |||||
| CVE-2020-11766 | 2 Avantfax, Ifax | 2 Avantfax, Hylafax | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web Interface before 0.2.5 allows authenticated Command Injection. | |||||
| CVE-2020-25494 | 1 Xinuos | 1 Openserver | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook. | |||||