Total
2452 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8946 | 1 Netis-systems | 2 Wf2471, Wf2471 Firmware | 2020-02-21 | 9.0 HIGH | 8.8 HIGH |
| Netis WF2471 v1.2.30142 devices allow an authenticated attacker to execute arbitrary OS commands via shell metacharacters in the /cgi-bin-igd/sys_log_clean.cgi log_3g_type parameter. | |||||
| CVE-2020-9021 | 1 Postoaktraffic | 2 Awam Bluetooth Field Device, Awam Bluetooth Field Device Firmware | 2020-02-20 | 10.0 HIGH | 9.8 CRITICAL |
| Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter. | |||||
| CVE-2020-7597 | 1 Codecov | 1 Codecov | 2020-02-20 | 6.5 MEDIUM | 8.8 HIGH |
| codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands.The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596. | |||||
| CVE-2014-4981 | 1 Xorux | 1 Lpar2rrd | 2020-02-20 | 10.0 HIGH | 9.8 CRITICAL |
| LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sanitization of the web GUI parameters. | |||||
| CVE-2020-8858 | 1 Moxa | 4 Mgate 5105-mb-eip, Mgate 5105-mb-eip-t, Mgate 5105-mb-eip-t Firmware and 1 more | 2020-02-19 | 9.0 HIGH | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MGate 5105-MB-EIP firmware version 4.1. Authentication is required to exploit this vulnerability. The specific flaw exists within the DestIP parameter within MainPing.asp. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9552. | |||||
| CVE-2020-9020 | 1 Iteris | 2 Vantage Velocity, Vantage Velocity Firmware | 2020-02-19 | 10.0 HIGH | 9.8 CRITICAL |
| Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field. | |||||
| CVE-2020-9026 | 1 Eltex-co | 4 Ntp-2, Ntp-2 Firmware, Ntp-rg-1402g and 1 more | 2020-02-19 | 10.0 HIGH | 9.8 CRITICAL |
| ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the PING field of the resource ping.cmd. The NTP-2 device is also affected. | |||||
| CVE-2020-9027 | 1 Eltex-co | 4 Ntp-2, Ntp-2 Firmware, Ntp-rg-1402g and 1 more | 2020-02-19 | 10.0 HIGH | 9.8 CRITICAL |
| ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the TRACE field of the resource ping.cmd. The NTP-2 device is also affected. | |||||
| CVE-2020-7237 | 1 Cacti | 1 Cacti | 2020-02-18 | 9.0 HIGH | 8.8 HIGH |
| Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product. | |||||
| CVE-2012-6600 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 34502. | |||||
| CVE-2012-6599 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 and 4.1.x before 4.1.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33476. | |||||
| CVE-2012-6605 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 34896. | |||||
| CVE-2012-6598 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33080. | |||||
| CVE-2012-6604 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 35249. | |||||
| CVE-2012-6595 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34595. | |||||
| CVE-2012-6602 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 30122. | |||||
| CVE-2012-6594 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11, 4.0.x before 4.0.8, and 4.1.x before 4.1.1 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34299. | |||||
| CVE-2012-6593 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 10.0 HIGH | N/A |
| Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID 30088. | |||||
| CVE-2012-6592 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 10.0 HIGH | N/A |
| Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID 31091. | |||||
| CVE-2012-6591 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 31116. | |||||