Total
2339 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-25847 | 1 Qnap | 2 Qts, Quts Hero | 2024-11-21 | 8.8 High |
This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero. | ||||
CVE-2020-25626 | 3 Debian, Encode, Redhat | 4 Debian Linux, Django Rest Framework, Ansible Tower and 1 more | 2024-11-21 | 6.1 Medium |
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability. | ||||
CVE-2020-25217 | 1 Grandstream | 14 Grp2612, Grp2612 Firmware, Grp2612p and 11 more | 2024-11-21 | 7.2 High |
Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface. | ||||
CVE-2020-25079 | 1 Dlink | 4 Dcs-2530l, Dcs-2530l Firmware, Dcs-2670l and 1 more | 2024-11-21 | 8.8 High |
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddns_enc.cgi allows authenticated command injection. | ||||
CVE-2020-25067 | 1 Netgear | 2 R8300, R8300 Firmware | 2024-11-21 | 9.6 Critical |
NETGEAR R8300 devices before 1.0.2.134 are affected by command injection by an unauthenticated attacker. | ||||
CVE-2020-24634 | 1 Arubanetworks | 15 7005, 7008, 7010 and 12 more | 2024-11-21 | 9.8 Critical |
An attacker is able to remotely inject arbitrary commands by sending specially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below. | ||||
CVE-2020-24561 | 1 Trendmicro | 1 Serverprotect | 2024-11-21 | 9.1 Critical |
A command injection vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow an attacker to execute arbitrary code on an affected system. An attacker must first obtain admin/root privileges on the SPLX console to exploit this vulnerability. | ||||
CVE-2020-23639 | 1 Moxa | 2 Vport 461, Vport 461 Firmware | 2024-11-21 | 9.8 Critical |
A command injection vulnerability exists in Moxa Inc VPort 461 Series Firmware Version 3.4 or lower that could allow a remote attacker to execute arbitrary commands in Moxa's VPort 461 Series Industrial Video Servers. | ||||
CVE-2020-23584 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2024-11-21 | 9.8 Critical |
Unauthenticated remote code execution in OPTILINK OP-XT71000N, Hardware Version: V2.2 occurs when the attacker passes arbitrary commands with IP-ADDRESS using "|" to execute commands on "/diag_tracert_admin.asp" in the "PingTest" parameter that leads to command execution. | ||||
CVE-2020-23583 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2024-11-21 | 9.8 Critical |
OPTILINK OP-XT71000N V2.2 is vulnerable to Remote Code Execution. The issue occurs when the attacker sends arbitrary code on "/diag_ping_admin.asp" to the "PingTest" interface, which leads to command execution. An attacker can successfully trigger the command and can compromise the full system. | ||||
CVE-2020-22662 | 1 Ruckuswireless | 28 R310, R310 Firmware, R500 and 25 more | 2024-11-21 | 7.5 High |
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to change and set an unauthorized "illegal region code" by remote code execution command injection, which leads to running an illegal frequency with maximum output power. The vulnerability allows an attacker to create an arbitrary number of SSID WLAN interfaces per radio, which creates overhead over noise (the default max limit is 8 SSIDs only per radio in a solo AP). The vulnerability allows an attacker to unlock hidden regions by privileged command injection in the web GUI. | ||||
CVE-2020-22570 | 1 Memcached | 1 Memcached | 2024-11-21 | 7.5 High |
Memcached 1.6.0 before 1.6.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted meta command. | ||||
CVE-2020-21785 | 1 Ibos | 1 Ibos | 2024-11-21 | 8.8 High |
In IBOS 4.5.4 Open, the database backup has a command injection vulnerability. | ||||
CVE-2020-20951 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 9.8 Critical |
In Pluck-4.7.10-dev2 admin background, a remote command execution vulnerability exists when uploading files. | ||||
CVE-2020-1980 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 7.8 High |
A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions. This issue is fixed in PAN-OS 8.1.13, and all later versions. | ||||
CVE-2020-1811 | 1 Huawei | 1 Gaussdb 200 | 2024-11-21 | 8.8 High |
GaussDB 200 version 6.5.1 has a command injection vulnerability. Due to insufficient input validation, remote attackers with low permissions could exploit this vulnerability by sending crafted commands to the affected device. A successful exploit could allow an attacker to execute commands. | ||||
CVE-2020-1790 | 1 Huawei | 1 Gaussdb 200 | 2024-11-21 | 8.8 High |
GaussDB 200 version 6.5.1 has a command injection vulnerability. The software constructs part of a command using external input from users, but the software does not sufficiently validate the user input. A successful exploit could allow the attacker to inject certain commands. | ||||
CVE-2020-19151 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 8.8 High |
Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal_cms/admin/filemanager/list'. | ||||
CVE-2020-19001 | 1 Simiki Project | 1 Simiki | 2024-11-21 | 9.8 Critical |
Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary system commands via line 64 of the component 'simiki/blob/master/simiki/config.py'. | ||||
CVE-2020-18885 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | 7.2 High |
Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/web_config.php'. |