Total: 2452 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2020-8466 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL | A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password.
CVE-2020-19664 | 1 Draytek | 2 Vigor2960, Vigor2960 Firmware | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH | DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi.
CVE-2020-25094 | 1 Logrhythm | 1 Platform Manager | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL | LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this, an attacker can inject arbitrary program names and arguments into a WebSocket. These are forwarded to any remote server with a LogRhythm Smart Response agent installed. By default, the commands are run with LocalSystem privileges.
CVE-2020-8429 | 1 Kinetica | 1 Kinetica | 2021-07-21 | 9.0 HIGH | 8.8 HIGH | The Admin web application in Kinetica 7.0.9.2.20191118151947 does not properly sanitise the input for the function getLogs. This lack of sanitisation could be exploited to allow an authenticated attacker to run remote code on the underlying operating system. The logFile parameter in the getLogs function was used as a variable in a command to read log files; however, due to poor input sanitisation, it was possible to bypass a replacement and break out of the command.
CVE-2020-24899 | 1 Nagios | 1 Nagios Xi | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH | Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into a normal webapp query.
CVE-2020-28431 | | | 2021-07-21 | N/A | N/A | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2020-7794 | 1 Buns Project | 1 Buns | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL | This affects all versions of package buns. The injection point is located in line 678 in index file lib/index.js in the exported function install(requestedModule).
CVE-2020-8126 | 1 Ui | 1 Edgeswitch | 2021-07-21 | 7.2 HIGH | 7.8 HIGH | A privilege escalation in the EdgeSwitch prior to version 1.7.1: a CGI script does not fully sanitize the user input, resulting in local command execution and allowing an operator user (Privilege-1) to escalate privileges and become administrator (Privilege-15).
CVE-2020-25506 | 1 Dlink | 2 Dns-320, Dns-320 Firmware | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL | D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution.
CVE-2020-7781 | 1 Connection-tester Project | 1 Connection-tester | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL | This affects the package connection-tester before 0.2.1. The injection point is located in line 15 in index.js. The following PoC demonstrates the vulnerability:
CVE-2020-12393 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH | The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating systems.* This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
CVE-2020-7752 | 1 Systeminformation | 1 Systeminformation | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH | This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands.
CVE-2019-12787 | 1 Dlink | 2 Dir-818lw, Dir-818lw Firmware | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH | An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the Gateway key.
CVE-2020-7782 | 1 Spritesheet-js Project | 1 Spritesheet-js | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL | This affects all versions of package spritesheet-js. It depends on a vulnerable package platform-command. The injection point is located in line 32 in lib/generator.js, which is triggered by the main entry of the package.
CVE-2020-7730 | 1 Bestzip Project | 1 Bestzip | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL | The package bestzip before 2.1.7 is vulnerable to Command Injection via the options param.
CVE-2020-7698 | 1 Gerapy | 1 Gerapy | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL | This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the project_configure endpoint, isn't being sanitized.
CVE-2020-7784 | 1 Ts-process-promises Project | 1 Ts-process-promises | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL | This affects all versions of package ts-process-promises. The injection point is located in line 45 in the main entry of the package in lib/process-promises.js. The vulnerability is demonstrated with the following PoC:
CVE-2020-7635 | 1 Compass-compile Project | 1 Compass-compile | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL | compass-compile through 0.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument.
CVE-2020-7636 | 1 Adb-driver Project | 1 Adb-driver | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL | adb-driver through 0.1.8 is vulnerable to Command Injection. It allows execution of arbitrary commands via the command function.
CVE-2020-7633 | 1 Apiconnect-cli-plugins Project | 1 Apiconnect-cli-plugins | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL | apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the pluginUri argument.