Total
2296 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11698 | 1 Titanhq | 1 Spamtitan | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp-x.php would allow a remote attacker to inject commands into the file snmpd.conf that would allow executing commands on the target server. | |||||
| CVE-2020-11496 | 1 Sprecher-automation | 1 Sprecon-e | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering data to insert arbitrary code. This firmware lacks the validation of the input values on the device side, which is provided by the engineering software during parameterization. Attackers with access to local configuration files can therefore insert malicious commands that are executed after compiling them to valid parameter files (“PDLs”), transferring them to the device, and restarting the device. | |||||
| CVE-2020-11117 | 1 Qualcomm | 14 Ipq4019, Ipq4019 Firmware, Ipq6018 and 11 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| u'In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary content resulting in remote code execution.' in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980 | |||||
| CVE-2020-11084 | 1 Ipear Project | 1 Ipear | 2024-11-21 | 5.5 MEDIUM | 6.4 MEDIUM |
| In iPear, the manual execution of the eval() function can lead to command injection. Only PCs where commands are manually executed via "For Developers" are affected. This function allows executing any PHP code within iPear which may change, damage, or steal data (files) from the PC. | |||||
| CVE-2020-11079 | 1 Node-dns-sync Project | 1 Node-dns-sync | 2024-11-21 | 7.5 HIGH | 8.6 HIGH |
| node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of arbitrary commands . This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1. | |||||
| CVE-2020-11073 | 1 Autoswitch Python Virtualenv Project | 1 Autoswitch Python Virtualenv | 2024-11-21 | 4.6 MEDIUM | 7.9 HIGH |
| In Autoswitch Python Virtualenv before version 0.16.0, a user who enters a directory with a malicious `.venv` file could run arbitrary code without any user interaction. This is fixed in version: 1.16.0 | |||||
| CVE-2020-10826 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| /cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode. | |||||
| CVE-2020-10666 | 1 Sangoma | 2 Freepbx, Restapps | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command. | |||||
| CVE-2020-10580 | 1 Invigo | 1 Automatic Device Management | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the application. | |||||
| CVE-2020-10561 | 1 Mi | 2 Mijia Inkjet Printer, Mijia Inkjet Printer Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Xiaomi Mi Jia ink-jet printer < 3.4.6_0138. Injecting parameters to ippserver through the web management background, resulting in command execution vulnerabilities. | |||||
| CVE-2020-10519 | 1 Github | 1 Github | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22.7 and was fixed in 2.22.7, 2.21.15, and 2.20.24. The underlying issues contributing to this vulnerability were identified through the GitHub Security Bug Bounty program. | |||||
| CVE-2020-10518 | 1 Github | 1 Github | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in 2.21.6, 2.20.15, and 2.19.21. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program. | |||||
| CVE-2020-10514 | 1 Icatchinc | 1 Dvr Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| iCatch DVR firmware before 20200103 do not validate function parameter properly, resulting attackers executing arbitrary command. | |||||
| CVE-2020-0130 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In screencap, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege in a system process with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-123230379 | |||||
| CVE-2019-9972 | 2 3cx, Debian | 3 Phone System, Phone System Firmware, Debian Linux | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of "<space><space> followed by <shift><enter>" mishandling. | |||||
| CVE-2019-9743 | 1 Phoenixcontact | 4 Rad-80211-xd, Rad-80211-xd\/hp-bus, Rad-80211-xd\/hp-bus Firmware and 1 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. Command injection can occur in the WebHMI component. | |||||
| CVE-2019-9507 | 1 Vertiv | 2 Avocent Umg-4000, Avocent Umg-4000 Firmware | 2024-11-21 | 9.0 HIGH | 8.3 HIGH |
| The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to command injection because the application incorrectly neutralizes code syntax before executing. Since all commands within the web application are executed as root, this could allow a remote attacker authenticated with an administrator account to execute arbitrary commands as root. | |||||
| CVE-2019-9467 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| In the Bootloader, there is a possible kernel command injection due to missing command sanitization. This could lead to a local elevation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-80316910 | |||||
| CVE-2019-9254 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In readArgumentList of zygote.java in Android 10, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2019-9059 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in CMS Made Simple 2.2.8. It is possible, with an administrator account, to achieve command injection by modifying the path of the e-mail executable in Mail Settings, setting "sendmail" in the "Mailer" option, and launching the "Forgot your password" feature. | |||||