Total
4800 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-20298 | 1 Zzzcms | 1 Zzzphp | 2024-11-21 | 9.8 Critical |
| Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands. | ||||
| CVE-2020-19822 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.2 High |
| A remote code execution (RCE) vulnerability in template_user.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title" parameters. | ||||
| CVE-2020-18185 | 1 Pluxml | 1 Pluxml | 2024-11-21 | 9.8 Critical |
| class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment. | ||||
| CVE-2020-18172 | 1 Trezor | 1 Bridge | 2024-11-21 | 9.8 Critical |
| A code injection vulnerability in the SeDebugPrivilege component of Trezor Bridge 2.0.27 allows attackers to escalate privileges. | ||||
| CVE-2020-15865 | 1 Stimulsoft | 1 Reports | 2024-11-21 | 9.8 Critical |
| A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0 allows an attacker to encode C# scripts as base-64 in the report XML file so that they will be compiled and executed on the server that processes this file. This can be used to fully compromise the server. | ||||
| CVE-2020-15801 | 3 Microsoft, Netapp, Python | 3 Windows, Max Data, Python | 2024-11-21 | 9.8 Critical |
| In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected. | ||||
| CVE-2020-15591 | 1 Uni-stuttgart | 1 Frams\' Fast File Exchange | 2024-11-21 | 9.8 Critical |
| fexsrv in F*EX (aka Frams' Fast File EXchange) before fex-20160919_2 allows eval injection (for unauthenticated remote code execution). | ||||
| CVE-2020-15371 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 9.8 Critical |
| Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability. | ||||
| CVE-2020-15348 | 1 Zyxel | 1 Cloud Cnm Secumanager | 2024-11-21 | 9.8 Critical |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code. | ||||
| CVE-2020-15252 | 1 Xwiki | 1 Xwiki | 2024-11-21 | 8.5 High |
| In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. This is patched in XWiki 12.5 and XWiki 11.10.6. | ||||
| CVE-2020-15227 | 2 Debian, Nette | 2 Debian Linux, Application | 2024-11-21 | 8.7 High |
| Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework. | ||||
| CVE-2020-15171 | 1 Xwiki | 1 Xwiki | 2024-11-21 | 6.6 Medium |
| In XWiki before versions 11.10.5 or 12.2.1, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. The only workaround is to give SCRIPT right only to trusted users. | ||||
| CVE-2020-15167 | 1 Johnkerl | 1 Miller | 2024-11-21 | 8.2 High |
| In Miller (command line utility) using the configuration file support introduced in version 5.9.0, it is possible for an attacker to cause Miller to run arbitrary code by placing a malicious `.mlrrc` file in the working directory. See linked GitHub Security Advisory for complete details. A fix is ready and will be released as Miller 5.9.1. | ||||
| CVE-2020-15150 | 1 Duffel | 1 Paginator | 2024-11-21 | 9 Critical |
| There is a vulnerability in Paginator (Elixir/Hex package) which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the paginate() function. This will potentially affect all current users of Paginator prior to version 1.0.0. The vulnerability has been patched in version 1.0.0 and all users should upgrade to this version immediately. Note that this patched version uses a dependency that requires an Elixir version >=1.5. | ||||
| CVE-2020-15147 | 1 Cogboard | 1 Red Discord Bot | 2024-11-21 | 8.5 High |
| Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted "going live" messages to inject code into the Streams module's going live message. By abusing this exploit, it's possible to perform destructive actions and/or access sensitive information. As a workaround, unloading the Trivia module with `unload streams` can render this exploit not accessible. It is highly recommended updating to 3.3.12 or 3.4 to completely patch this issue. | ||||
| CVE-2020-15142 | 1 Openapi-python-client Project | 1 Openapi-python-client | 2024-11-21 | 8 High |
| In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution. | ||||
| CVE-2020-15070 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 8.8 High |
| Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value. | ||||
| CVE-2020-13756 | 1 Sabberworm | 1 Php Css Parser | 2024-11-21 | 9.8 Critical |
| Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker. | ||||
| CVE-2020-13144 | 1 Edx | 1 Open Edx Platform | 2024-11-21 | 8.8 High |
| Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom Python evaluated code" screen, edit the problem, and execute Python code. This leads to arbitrary code execution. | ||||
| CVE-2020-12826 | 3 Canonical, Linux, Redhat | 5 Ubuntu Linux, Linux Kernel, Enterprise Linux and 2 more | 2024-11-21 | 5.3 Medium |
| A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat. | ||||