Filtered by CWE-77
Total 2489 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-3277 1 Cisco 12 Rv016, Rv016 Firmware, Rv042 and 9 more 2024-11-21 7.2 High
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system.
CVE-2020-3276 1 Cisco 12 Rv016, Rv016 Firmware, Rv042 and 9 more 2024-11-21 7.2 High
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system.
CVE-2020-3275 1 Cisco 12 Rv016, Rv016 Firmware, Rv042 and 9 more 2024-11-21 7.2 High
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system.
CVE-2020-3274 1 Cisco 12 Rv016, Rv016 Firmware, Rv042 and 9 more 2024-11-21 7.2 High
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system.
CVE-2020-3266 1 Cisco 12 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 9 more 2024-11-21 7.8 High
A vulnerability in the CLI of Cisco SD-WAN Solution software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges.
CVE-2020-3224 1 Cisco 1 Ios Xe 2024-11-21 8.8 High
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to inject IOS commands to an affected device. The injected commands should require a higher privilege level in order to be executed. The vulnerability is due to insufficient input validation of specific HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a specific web UI endpoint on an affected device. A successful exploit could allow the attacker to inject IOS commands to the affected device, which could allow the attacker to alter the configuration of the device or cause a denial of service (DoS) condition.
CVE-2020-3219 1 Cisco 1 Ios Xe 2024-11-21 8.8 High
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of user-supplied input to the web UI. An attacker could exploit this vulnerability by submitting crafted input to the web UI. A successful exploit could allow an attacker to execute arbitrary commands with administrative privileges on an affected device.
CVE-2020-3212 1 Cisco 1 Ios Xe 2024-11-21 7.2 High
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device. The vulnerability is due to improper input sanitization. An attacker could exploit this vulnerability by uploading a crafted file to the web UI of an affected device. A successful exploit could allow the attacker to inject and execute arbitrary commands with root privileges on the device.
CVE-2020-3211 1 Cisco 1 Ios Xe 2024-11-21 7.2 High
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device. The vulnerability is due to improper input sanitization. An attacker who has valid administrative access to an affected device could exploit this vulnerability by supplying a crafted input parameter on a form in the web UI and then submitting that form. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device, which could lead to complete system compromise.
CVE-2020-3210 1 Cisco 5 1120, 1240, 809 and 2 more 2024-11-21 6.7 Medium
A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated, local attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The attacker must have valid user credentials at privilege level 15. The vulnerability is due to insufficient validation of arguments that are passed to specific VDS-related CLI commands. An attacker could exploit this vulnerability by authenticating to the targeted device and including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user.
CVE-2020-3207 1 Cisco 56 Catalyst 3650-12x48uq, Catalyst 3650-12x48ur, Catalyst 3650-12x48uz and 53 more 2024-11-21 6.7 Medium
A vulnerability in the processing of boot options of specific Cisco IOS XE Software switches could allow an authenticated, local attacker with root shell access to the underlying operating system (OS) to conduct a command injection attack during device boot. This vulnerability is due to insufficient input validation checks while processing boot options. An attacker could exploit this vulnerability by modifying device boot options to execute attacker-provided code. A successful exploit may allow an attacker to bypass the Secure Boot process and execute malicious code on an affected device with root-level privileges.
CVE-2020-3176 1 Cisco 6 Remote Phy 120, Remote Phy 120 Firmware, Remote Phy 220 and 3 more 2024-11-21 6.7 Medium
A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exists because the affected software does not properly sanitize user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying certain CLI commands with crafted arguments. A successful exploit could allow the attacker to run arbitrary commands as the root user, which could result in a complete system compromise.
CVE-2020-36650 1 Gry Project 1 Gry 2024-11-21 5.5 Medium
A vulnerability, which was classified as critical, was found in IonicaBizau node-gry up to 5.x. This affects an unknown part. The manipulation leads to command injection. Upgrading to version 6.0.0 is able to address this issue. The patch is named 5108446c1e23960d65e8b973f1d9486f9f9dbd6c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218019.
CVE-2020-36463 1 Multiqueue Project 1 Multiqueue 2024-11-21 8.1 High
An issue was discovered in the multiqueue crate through 2020-12-25 for Rust. There are unconditional implementations of Send for InnerSend<RW, T>, InnerRecv<RW, T>, FutInnerSend<RW, T>, and FutInnerRecv<RW, T>.
CVE-2020-36462 1 Syncpool Project 1 Syncpool 2024-11-21 8.1 High
An issue was discovered in the syncpool crate before 0.1.6 for Rust. There is an unconditional implementation of Send for Bucket2.
CVE-2020-36461 1 Noise Search Project 1 Noise Search 2024-11-21 8.1 High
An issue was discovered in the noise_search crate through 2020-12-10 for Rust. There are unconditional implementations of Send and Sync for MvccRwLock.
CVE-2020-36459 1 Dces Project 1 Dces 2024-11-21 8.1 High
An issue was discovered in the dces crate through 2020-12-09 for Rust. The World type is marked as Send but lacks bounds on its EntityStore and ComponentStore.
CVE-2020-36457 1 Lever Project 1 Lever 2024-11-21 8.1 High
An issue was discovered in the lever crate before 0.1.1 for Rust. AtomicBox<T> implements the Send and Sync traits for all types T.
CVE-2020-36456 1 Toolshed Project 1 Toolshed 2024-11-21 8.1 High
An issue was discovered in the toolshed crate through 2020-11-15 for Rust. In CopyCell<T>, the Send trait lacks bounds on the contained type.
CVE-2020-36455 1 Brokenlamp 1 Slock 2024-11-21 8.1 High
An issue was discovered in the slock crate through 2020-11-17 for Rust. Slock<T> unconditionally implements Send and Sync.