Total
3060 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-3176 | 1 Cisco | 6 Remote Phy 120, Remote Phy 120 Firmware, Remote Phy 220 and 3 more | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
|
A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exists because the affected software does not properly sanitize user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying certain CLI commands with crafted arguments. A successful exploit could allow the attacker ...
Show More |
|||||
| CVE-2020-36650 | 1 Gry Project | 1 Gry | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
|
A vulnerability, which was classified as critical, was found in IonicaBizau node-gry up to 5.x. This affects an unknown part. The manipulation leads to command injection. Upgrading to version 6.0.0 is able to address this issue. The patch is named 5108446c1e23960d65e8b973f1d9486f9f9dbd6c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218019.
|
|||||
| CVE-2020-36642 | 1 Jobe Project | 1 Jobe | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
|
A vulnerability was found in trampgeek jobe up to 1.6.x and classified as critical. This issue affects the function run_in_sandbox of the file application/libraries/LanguageTask.php. The manipulation leads to command injection. Upgrading to version 1.7.0 is able to address this issue. The identifier of the patch is 8f43daf50c943b98eaf0c542da901a4a16e85b02. It is recommended to upgrade the affected component. The identifier VDB-217553 was assigned to this vulnerability.
|
|||||
| CVE-2020-36529 | 1 Ibm | 1 Sevone Network Performance Management | 2024-11-21 | 8.5 HIGH | 8.8 HIGH |
|
A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. This affects the file traceroute.php of the Traceroute Handler. The manipulation leads to privilege escalation with a command injection. It is possible to initiate the attack remotely.
|
|||||
| CVE-2020-36463 | 1 Multiqueue Project | 1 Multiqueue | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
An issue was discovered in the multiqueue crate through 2020-12-25 for Rust. There are unconditional implementations of Send for InnerSend<RW, T>, InnerRecv<RW, T>, FutInnerSend<RW, T>, and FutInnerRecv<RW, T>.
|
|||||
| CVE-2020-36462 | 1 Syncpool Project | 1 Syncpool | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
An issue was discovered in the syncpool crate before 0.1.6 for Rust. There is an unconditional implementation of Send for Bucket2.
|
|||||
| CVE-2020-36461 | 1 Noise Search Project | 1 Noise Search | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
An issue was discovered in the noise_search crate through 2020-12-10 for Rust. There are unconditional implementations of Send and Sync for MvccRwLock.
|
|||||
| CVE-2020-36459 | 1 Dces Project | 1 Dces | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
An issue was discovered in the dces crate through 2020-12-09 for Rust. The World type is marked as Send but lacks bounds on its EntityStore and ComponentStore.
|
|||||
| CVE-2020-36457 | 1 Lever Project | 1 Lever | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
An issue was discovered in the lever crate before 0.1.1 for Rust. AtomicBox<T> implements the Send and Sync traits for all types T.
|
|||||
| CVE-2020-36456 | 1 Toolshed Project | 1 Toolshed | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
An issue was discovered in the toolshed crate through 2020-11-15 for Rust. In CopyCell<T>, the Send trait lacks bounds on the contained type.
|
|||||
| CVE-2020-36455 | 1 Brokenlamp | 1 Slock | 2024-11-21 | 5.1 MEDIUM | 8.1 HIGH |
|
An issue was discovered in the slock crate through 2020-11-17 for Rust. Slock<T> unconditionally implements Send and Sync.
|
|||||
| CVE-2020-36451 | 1 Rcu Cell Project | 1 Rcu Cell | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
An issue was discovered in the rcu_cell crate through 2020-11-14 for Rust. There are unconditional implementations of Send and Sync for RcuCell<T>.
|
|||||
| CVE-2020-36450 | 1 Bunch Project | 1 Bunch | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
An issue was discovered in the bunch crate through 2020-11-12 for Rust. There are unconditional implementations of Send and Sync for Bunch<T>.
|
|||||
| CVE-2020-36449 | 1 Kekbit Project | 1 Kekbit | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
An issue was discovered in the kekbit crate before 0.3.4 for Rust. For ShmWriter<H>, Send is implemented without requiring H: Send.
|
|||||
| CVE-2020-36448 | 1 Cache Project | 1 Cache | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
An issue was discovered in the cache crate through 2020-11-24 for Rust. There are unconditional implementations of Send and Sync for Cache<K>.
|
|||||
| CVE-2020-36198 | 1 Qnap | 1 Malware Remover | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
|
A command injection vulnerability has been reported to affect certain versions of Malware Remover. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Malware Remover versions prior to 4.6.1.0. This issue does not affect: QNAP Systems Inc. Malware Remover 3.x.
|
|||||
| CVE-2020-35798 | 1 Netgear | 60 R6400v2, R6400v2 Firmware, R6700v3 and 57 more | 2024-11-21 | 7.2 HIGH | 9.3 CRITICAL |
|
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R6400v2 before 1.0.4.84, R6700v3 before 1.0.4.84, R6900P before 1.3.2.124, R7000 before 1.0.11.100, R7000P before 1.3.2.124, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7960P before 1.4.1.50, R8000 before 1.0.4.52, R7900P before 1.4.1.50, R8000P before 1.4.1.50, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.1.12, RAX45 before 1.0.2.66, RAX50 before 1. ...
Show More |
|||||
| CVE-2020-35794 | 1 Netgear | 14 Rbk752, Rbk752 Firmware, Rbk852 and 11 more | 2024-11-21 | 5.2 MEDIUM | 8.4 HIGH |
|
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBS40V before 2.6.1.4, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.
|
|||||
| CVE-2020-35793 | 1 Netgear | 10 D7800, D7800 Firmware, R7500 and 7 more | 2024-11-21 | 4.6 MEDIUM | 6.1 MEDIUM |
|
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.58, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.5.2, and R9000 before 1.0.5.2.
|
|||||
| CVE-2020-35792 | 1 Netgear | 8 R7500, R7500 Firmware, R7800 and 5 more | 2024-11-21 | 5.2 MEDIUM | 8.3 HIGH |
|
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7500v2 before 1.0.3.48, R8900 before 1.0.5.2, R9000 before 1.0.5.2, and R7800 before 1.0.2.68.
|
|||||
| CVE-2020-35791 | 1 Netgear | 6 R7800, R7800 Firmware, R8900 and 3 more | 2024-11-21 | 4.6 MEDIUM | 6.4 MEDIUM |
|
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7800 before 1.0.2.68, R8900 before 1.0.5.2, and R9000 before 1.0.5.2.
|
|||||
| CVE-2020-35790 | 1 Netgear | 8 D7800, D7800 Firmware, R7800 and 5 more | 2024-11-21 | 5.2 MEDIUM | 6.4 MEDIUM |
|
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, R8900 before 1.0.4.26, and R9000 before 1.0.4.26.
|
|||||
| CVE-2020-35777 | 1 Netgear | 2 Dgn2200v1, Dgn2200v1 Firmware | 2024-11-21 | 7.7 HIGH | 8.4 HIGH |
|
NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by command injection.
|
|||||
| CVE-2020-2508 | 1 Qnap | 2 Qts, Quts Hero | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later)
|
|||||
| CVE-2020-2507 | 1 Qnap | 1 Helpdesk | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The vulnerability have been reported to affect earlier versions of QTS. If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.
|
|||||
| CVE-2020-2492 | 1 Qnap | 1 Qts | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907.
|
|||||
| CVE-2020-2490 | 1 Qnap | 1 Qts | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907.
|
|||||
| CVE-2020-29548 | 1 Smartertools | 1 Smartermail | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
An issue was discovered in SmarterTools SmarterMail through 100.0.7537. Meddler-in-the-middle attackers can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted user session.
|
|||||
| CVE-2020-29299 | 1 Zyxel | 7 Atp, Nsg, Nsg Firmware and 4 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG before ZLD V4.39 week38, USG FLEX before ZLD V4.55 week38, ATP before ZLD V4.55 week38, and NSG before 1.33 patch 4.
|
|||||
| CVE-2020-28908 | 1 Nagios | 1 Fusion | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios.
|
|||||
| CVE-2020-28902 | 1 Nagios | 1 Fusion | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php.
|
|||||
| CVE-2020-28901 | 1 Nagios | 1 Fusion | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component installation in cmd_subsys.php.
|
|||||
| CVE-2020-28453 | 1 Npos-tesseract Project | 1 Npos-tesseract | 2024-11-21 | N/A | 9.4 CRITICAL |
|
This affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js.
|
|||||
| CVE-2020-28451 | 1 Image-tiler Project | 1 Image-tiler | 2024-11-21 | N/A | 9.8 CRITICAL |
|
This affects the package image-tiler before 2.0.2.
|
|||||
| CVE-2020-28447 | 1 Xopen Project | 1 Xopen | 2024-11-21 | N/A | 9.8 CRITICAL |
|
This affects all versions of package xopen. The injection point is located in line 14 in index.js in the exported function xopen(filepath)
|
|||||
| CVE-2020-28446 | 1 Ntesseract Project | 1 Ntesseract | 2024-11-21 | N/A | 9.8 CRITICAL |
|
The package ntesseract before 0.2.9 are vulnerable to Command Injection via lib/tesseract.js.
|
|||||
| CVE-2020-28445 | 1 Npm-help Project | 1 Npm-help | 2024-11-21 | N/A | 9.8 CRITICAL |
|
This affects all versions of package npm-help. The injection point is located in line 13 in index.js file in export.latestVersion() function.
|
|||||
| CVE-2020-28443 | 1 Sonar-wrapper Project | 1 Sonar-wrapper | 2024-11-21 | N/A | 9.8 CRITICAL |
|
This affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js.
|
|||||
| CVE-2020-28438 | 1 Deferred-exec Project | 1 Deferred-exec | 2024-11-21 | N/A | 9.8 CRITICAL |
|
This affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js
|
|||||
| CVE-2020-28437 | 1 Heroku-env Project | 1 Heroku-env | 2024-11-21 | N/A | 9.4 CRITICAL |
|
This affects all versions of package heroku-env. The injection point is located in lib/get.js which is required by index.js.
|
|||||