Total: 4800 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2021-1585 | 1 Cisco | 1 Adaptive Security Device Manager | 2024-11-21 | 7.5 High | A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher could allow an unauthenticated, remote attacker to execute arbitrary code on a user's operating system. This vulnerability is due to a lack of proper signature verification for specific code exchanged between the ASDM and the Launcher. An attacker could exploit this vulnerability by leveraging a man-in-the-middle position on the network to intercept the traffic between the Launcher and the ASDM and then inject arbitrary code. A successful exploit could allow the attacker to execute arbitrary code on the user's operating system with the level of privileges assigned to the ASDM Launcher. A successful exploit may require the attacker to perform a social engineering attack to persuade the user to initiate communication from the Launcher to the ASDM.
CVE-2021-1518 | 1 Cisco | 1 Firepower Device Manager On-box | 2024-11-21 | 6.3 Medium | A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. This vulnerability is due to insufficient sanitization of user input on specific REST API commands. An attacker could exploit this vulnerability by sending a crafted HTTP request to the API subsystem of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system. To exploit this vulnerability, an attacker would need valid low-privileged user credentials.
CVE-2021-1362 | 1 Cisco | 4 Prime License Manager, Unified Communications Manager, Unified Communications Manager IM & Presence Service and 1 more | 2024-11-21 | 8.8 High | A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, and Cisco Prime License Manager could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper sanitization of user-supplied input. An attacker could exploit this vulnerability by sending a SOAP API request with crafted parameters to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux operating system of the affected device.
CVE-2021-0157 | 1 Intel | 484 Celeron N2805, Celeron N2806, Celeron N2807 and 481 more | 2024-11-21 | 6.7 Medium | Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2020-9530 | 1 Mi | 1 Miui Firmware | 2024-11-21 | 6.5 Medium | An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The export component of GetApps (com.xiaomi.mipicks) mishandles the functionality of opening other components. Attackers need to induce users to open specific web pages in a specific network environment. By jumping to the WebView component of Messaging (com.android.MMS) and loading malicious web pages, information leakage can occur. This is fixed in version 2001122; 11.0.1.54.
CVE-2020-9406 | 1 Iblsoft | 1 Online Weather | 2024-11-21 | 9.8 Critical | IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service.
CVE-2020-8518 | 3 Debian, Fedoraproject, Horde | 3 Debian Linux, Fedora, Groupware | 2024-11-21 | 9.8 Critical | Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.
CVE-2020-8349 | 1 Lenovo | 10 Cloud Networking Operating System, Rackswitch G8272, Rackswitch G8296 and 7 more | 2024-11-21 | 9.8 Critical | An internal security review has identified an unauthenticated remote code execution vulnerability in the optional REST API management interface of Cloud Networking Operating System (CNOS). This interface is disabled by default and is not vulnerable unless enabled. When enabled, it is only vulnerable where attached to a VRF and as allowed by defined ACLs. Lenovo strongly recommends upgrading to a non-vulnerable CNOS release. Where that is not possible, Lenovo recommends disabling the REST API management interface or restricting access to the management VRF and further limiting access to authorized management stations via ACL.
CVE-2020-8274 | 1 Citrix | 1 Secure Mail | 2024-11-21 | 6.5 Medium | Citrix Secure Mail for Android before 20.11.0 suffers from Improper Control of Generation of Code ('Code Injection') by allowing unauthenticated access to read data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute arbitrary code on the Android device.
CVE-2020-8224 | 1 Nextcloud | 1 Desktop | 2024-11-21 | 7.8 High | A code injection in Nextcloud Desktop Client 2.6.4 allowed arbitrary code to be loaded when a malicious OpenSSL config was placed into a fixed directory.
CVE-2020-8194 | 1 Citrix | 11 4000-wo, 4100-wo, 5000-wo and 8 more | 2024-11-21 | 6.5 Medium | Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.
CVE-2020-8180 | 1 Nextcloud | 1 Talk | 2024-11-21 | 9.9 Critical | An overly lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a code injection when an incorrectly sanitized talk command was added by an administrator.
CVE-2020-8163 | 2 Debian, Rubyonrails | 2 Debian Linux, Rails | 2024-11-21 | 8.8 High | There is a code injection vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the `locals` argument of a `render` call to perform an RCE.
CVE-2020-8149 | 1 Logkitty Project | 1 Logkitty | 2024-11-21 | 9.8 Critical | Lack of output sanitization allowed an attacker to execute arbitrary shell commands via the logkitty npm package before version 0.7.1.
CVE-2020-8141 | 1 Dot Project | 1 Dot | 2024-11-21 | 8.8 High | The dot package v1.1.2 uses Function() to compile templates. This can be exploited by an attacker who can control the given template or the value set on Object.prototype.
CVE-2020-8140 | 2 Apple, Nextcloud | 2 Macos, Desktop | 2024-11-21 | 6.7 Medium | A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed arbitrary code to be loaded when the client was started with DYLD_INSERT_LIBRARIES set in the environment.
CVE-2020-8137 | 1 Blamer Project | 1 Blamer | 2024-11-21 | 9.8 Critical | Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker.
CVE-2020-8132 | 1 Pdf-image Project | 1 Pdf-image | 2024-11-21 | 9.8 Critical | Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if the PDF file path is constructed from untrusted user input.
CVE-2020-8129 | 1 Script-manager Project | 1 Script-manager | 2024-11-21 | 9.8 Critical | An unintended require vulnerability in script-manager npm package version 0.8.6 and earlier may allow attackers to execute arbitrary code.
CVE-2020-7745 | 1 Mintegral | 1 Mintegraladsdk | 2024-11-21 | 7.1 High | This affects the package MintegralAdSDK before 6.6.0.0. The SDK distributed by the company contains malicious functionality that acts as a backdoor. Mintegral and their partners (advertisers) can remotely execute arbitrary code on a user device.