Total
3837 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7630 | 1 Git-add-remote Project | 1 Git-add-remote | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| git-add-remote through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the name argument. | |||||
| CVE-2020-7621 | 1 Ibm | 1 Strongloop Nginx Controller | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary command as part of the '_nginxCmd()' function. | |||||
| CVE-2020-7629 | 1 Install-package Project | 1 Install-package | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| install-package through 0.4.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument. | |||||
| CVE-2020-7625 | 1 Op-browser Project | 1 Op-browser | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| op-browser through 1.0.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function. | |||||
| CVE-2020-7626 | 1 Karma-mojo Project | 1 Karma-mojo | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the config argument. | |||||
| CVE-2020-7624 | 1 Effect Project | 1 Effect | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| effect through 1.0.4 is vulnerable to Command Injection. It allows execution of arbitrary command via the options argument. | |||||
| CVE-2020-7646 | 1 Curlrequest Project | 1 Curlrequest | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| curlrequest through 1.0.1 allows reading any file by populating the file parameter with user input. | |||||
| CVE-2020-7237 | 1 Cacti | 1 Cacti | 2023-11-07 | 9.0 HIGH | 8.8 HIGH |
| Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product. | |||||
| CVE-2020-3602 | 1 Cisco | 3 Asr 5500, Asr 5700, Staros | 2023-11-07 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. The vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user on the affected device. To exploit this vulnerability, an attacker would need to have valid credentials on an affected device and know the password for the cli test-commands command. | |||||
| CVE-2020-3601 | 1 Cisco | 3 Asr 5500, Asr 5700, Staros | 2023-11-07 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. The vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials on an affected device. | |||||
| CVE-2020-3417 | 1 Cisco | 1 Ios Xe | 2023-11-07 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit this vulnerability by installing code to a specific directory in the underlying operating system (OS) and setting a specific ROMMON variable. A successful exploit could allow the attacker to execute persistent code on the underlying OS. To exploit this vulnerability, the attacker would need access to the root shell on the device or have physical access to the device. | |||||
| CVE-2020-3586 | 1 Cisco | 1 Dna Spaces\ | 2023-11-07 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the web-based management interface of Cisco DNA Spaces Connector could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on the underling operating system with privileges of the web-based management application, which is running as a restricted user. This could result in changes being made to pages served by the web-based management application impacting the integrity or availability of the web-based management application. | |||||
| CVE-2020-3377 | 1 Cisco | 1 Data Center Network Manager | 2023-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the affected device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted arguments to a specific field within the application. A successful exploit could allow the attacker to run commands as the administrator on the DCNM. | |||||
| CVE-2020-3371 | 1 Cisco | 1 Integrated Management Controller | 2023-11-07 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the web UI of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary code and execute arbitrary commands at the underlying operating system level. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary commands at the underlying operating system level. | |||||
| CVE-2020-3430 | 1 Cisco | 1 Jabber | 2023-11-07 | 9.3 HIGH | 8.8 HIGH |
| A vulnerability in the application protocol handling features of Cisco Jabber for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper handling of input to the application protocol handlers. An attacker could exploit this vulnerability by convincing a user to click a link within a message sent by email or other messaging platform. A successful exploit could allow the attacker to execute arbitrary commands on a targeted system with the privileges of the user account that is running the Cisco Jabber client software. | |||||
| CVE-2020-28432 | 2023-11-07 | N/A | N/A | ||
| Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none | |||||
| CVE-2020-28431 | 2023-11-07 | N/A | N/A | ||
| Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none | |||||
| CVE-2020-26085 | 1 Cisco | 1 Jabber | 2023-11-07 | 9.0 HIGH | 9.9 CRITICAL |
| Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-1930 | 1 Apache | 1 Spamassassin | 2023-11-07 | 9.3 HIGH | 8.1 HIGH |
| A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious rule configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. With this bug unpatched, exploits can be injected in a number of scenarios including the same privileges as spamd is run which may be elevated though doing so remotely is difficult. In addition to upgrading to SA 3.4.4, we again recommend that users should only use update channels or 3rd party .cf files from trusted places. If you cannot upgrade, do not use 3rd party rulesets, do not use sa-compile and do not run spamd as an account with elevated privileges. | |||||
| CVE-2020-21883 | 1 Indionetworks | 10 Unibox U1000, Unibox U1000 Firmware, Unibox U2500 and 7 more | 2023-11-07 | 9.0 HIGH | 8.8 HIGH |
| Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a OS command injection vulnerability in /tools/ping, which can leads to complete device takeover. | |||||