Total
4533 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-35715 | 1 Linksys | 2 Re6500, Re6500 Firmware | 2024-11-21 | 8.8 High |
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote authenticated users to execute arbitrary commands via shell metacharacters in a filename to the upload_settings.cgi page. | ||||
CVE-2020-35714 | 1 Linksys | 2 Re6500, Re6500 Firmware | 2024-11-21 | 8.8 High |
Belkin LINKSYS RE6500 devices before 1.0.11.001 allow remote authenticated users to execute arbitrary commands via goform/systemCommand?command= in conjunction with the goform/pingstart program. | ||||
CVE-2020-35713 | 1 Linksys | 2 Re6500, Re6500 Firmware | 2024-11-21 | 9.8 Critical |
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page. | ||||
CVE-2020-35665 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 9.8 Critical |
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation. | ||||
CVE-2020-35606 | 1 Webmin | 1 Webmin | 2024-11-21 | 8.8 High |
Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840. | ||||
CVE-2020-35578 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 7.2 High |
An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature is mishandled during a plugin upload, a remote, authenticated admin user can execute operating-system commands. | ||||
CVE-2020-35576 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2024-11-21 | 8.8 High |
A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577. | ||||
CVE-2020-35476 | 1 Opentsdb | 1 Opentsdb | 2024-11-21 | 9.8 Critical |
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. (tsd/GraphHandler.java attempted to prevent command injections by blocking backticks but this is insufficient.) | ||||
CVE-2020-35459 | 2 Clusterlabs, Debian | 2 Crmsh, Debian Linux | 2024-11-21 | 7.8 High |
An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges. | ||||
CVE-2020-35458 | 1 Clusterlabs | 1 Hawk | 2024-11-21 | 9.8 Critical |
An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawk_remember_me_id parameter in the login_from_cookie cookie. The user logout routine could be used by unauthenticated remote attackers to execute code as hauser. | ||||
CVE-2020-35314 | 1 Wondercms | 1 Wondercms | 2024-11-21 | 9.8 Critical |
A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3 allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer. | ||||
CVE-2020-2508 | 1 Qnap | 2 Qts, Quts Hero | 2024-11-21 | 7.2 High |
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later); QuTS hero h4.5.1.1472 build 20201031 (and later). | ||||
CVE-2020-2507 | 1 Qnap | 1 Helpdesk | 2024-11-21 | 9.8 Critical |
The vulnerability has been reported to affect earlier versions of QTS. If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3. | ||||
CVE-2020-2492 | 1 Qnap | 1 Qts | 2024-11-21 | 7.2 High |
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907. | ||||
CVE-2020-2490 | 1 Qnap | 1 Qts | 2024-11-21 | 7.2 High |
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907. | ||||
CVE-2020-2276 | 1 Jenkins | 1 Selection Tasks | 2024-11-21 | 8.8 High |
Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as. | ||||
CVE-2020-2261 | 1 Jenkins | 1 Perfecto | 2024-11-21 | 8.8 High |
Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller. | ||||
CVE-2020-2200 | 1 Jenkins | 1 Play Framework | 2024-11-21 | 8.8 High |
Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the `play` command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master. | ||||
CVE-2020-2159 | 1 Jenkins | 1 Cryptomove | 2024-11-21 | 8.8 High |
Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job/Configure access to execute arbitrary OS commands on the Jenkins master as the OS user account running Jenkins. | ||||
CVE-2020-2038 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 7.2 High |
An OS Command Injection vulnerability in the PAN-OS management interface allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10.0 versions earlier than 10.0.1. |