Total
3673 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13694 | 1 Quickbox | 1 Quickbox | 2020-06-02 | 9.0 HIGH | 8.8 HIGH |
| In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user can execute sudo mysql without a password, which means that the www-data user can execute arbitrary OS commands via the mysql -e option. | |||||
| CVE-2014-7173 | 1 Farsite | 2 Farlinx X25 Gateway, Farlinx X25 Gateway Firmware | 2020-06-02 | 7.5 HIGH | 9.8 CRITICAL |
| FarLinX X25 Gateway through 2014-09-25 allows command injection via shell metacharacters to sysSaveMonitorData.php, fsx25MonProxy.php, syseditdate.php, iframeupload.php, or sysRestoreX25Cplt.php. | |||||
| CVE-2020-8171 | 1 Ui | 51 Ag-hp-2g16, Ag-hp-2g20, Ag-hp-5g23 and 48 more | 2020-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:There are certain end-points containing functionalities that are vulnerable to command injection. It is possible to craft an input string that passes the filter check but still contains commands, resulting in remote code execution.Mitigation:Update to the latest AirMax AirOS firmware version available at the AirMax download page. | |||||
| CVE-2020-13252 | 1 Centreon | 1 Centreon | 2020-05-21 | 9.0 HIGH | 8.8 HIGH |
| Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabase_status_path (via a main.get.php request) and then visiting the include/views/graphs/graphStatus/displayServiceStatus.php page. | |||||
| CVE-2020-2007 | 1 Paloaltonetworks | 1 Pan-os | 2020-05-19 | 9.0 HIGH | 7.2 HIGH |
| An OS command injection vulnerability in the management server component of PAN-OS allows an authenticated user to potentially execute arbitrary commands with root privileges. This issue affects: All PAN-OS 7.1 versions; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7. | |||||
| CVE-2020-2014 | 1 Paloaltonetworks | 1 Pan-os | 2020-05-14 | 9.0 HIGH | 8.8 HIGH |
| An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7. | |||||
| CVE-2020-2010 | 1 Paloaltonetworks | 1 Pan-os | 2020-05-14 | 9.0 HIGH | 7.2 HIGH |
| An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7. | |||||
| CVE-2020-2008 | 1 Paloaltonetworks | 1 Pan-os | 2020-05-14 | 9.0 HIGH | 7.2 HIGH |
| An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute code with root privileges or delete arbitrary system files and impact the system's integrity or cause a denial of service condition. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14. | |||||
| CVE-2020-7805 | 1 Infomark | 4 Iml500, Iml500 Firmware, Iml520 and 1 more | 2020-05-14 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on KT Slim egg IML500 (R7283, R8112, R8424) and IML520 (R8112, R8368, R8411) wifi device. This issue is a command injection allowing attackers to execute arbitrary OS commands. | |||||
| CVE-2020-6651 | 1 Eaton | 1 Intelligent Power Manager | 2020-05-12 | 6.0 MEDIUM | 7.3 HIGH |
| Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the configuration file in the application. | |||||
| CVE-2020-10795 | 1 Gira | 2 Tks-ip-gateway, Tks-ip-gateway Firmware | 2020-05-12 | 9.0 HIGH | 7.2 HIGH |
| Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code execution via the backup functionality of the web frontend. This can be combined with CVE-2020-10794 for remote root access. | |||||
| CVE-2020-12111 | 1 Tp-link | 4 Nc260, Nc260 Firmware, Nc450 and 1 more | 2020-05-12 | 9.0 HIGH | 8.8 HIGH |
| Certain TP-Link devices allow Command Injection. This affects NC260 1.5.2 build 200304 and NC450 1.5.3 build 200304. | |||||
| CVE-2018-15726 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2020-05-11 | 4.6 MEDIUM | 5.3 MEDIUM |
| The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability. | |||||
| CVE-2018-18858 | 1 Liquidvpn | 1 Liquidvpn | 2020-05-11 | 7.2 HIGH | 7.8 HIGH |
| Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the "tun_path" or "tap_path" pathname within a shell command. | |||||
| CVE-2018-18856 | 1 Liquidvpn | 1 Liquidvpn | 2020-05-11 | 7.2 HIGH | 7.8 HIGH |
| Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the "openvpncmd" parameter as a shell command. | |||||
| CVE-2018-18859 | 1 Liquidvpn | 1 Liquidvpn | 2020-05-11 | 7.2 HIGH | 7.8 HIGH |
| Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the value of the "tun_path" or "tap_path" pathname in a kextload() call. | |||||
| CVE-2018-18857 | 1 Liquidvpn | 1 Liquidvpn | 2020-05-11 | 7.2 HIGH | 7.8 HIGH |
| Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the "command_line" parameter as a shell command. | |||||
| CVE-2019-17650 | 1 Fortinet | 1 Forticlient | 2020-05-11 | 7.2 HIGH | 7.8 HIGH |
| An Improper Neutralization of Special Elements used in a Command vulnerability in one of FortiClient for Mac OS root processes, may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check. | |||||
| CVE-2020-5332 | 1 Rsa | 1 Archer | 2020-05-11 | 9.0 HIGH | 7.2 HIGH |
| RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a command injection vulnerability. AN authenticated malicious user with administrator privileges could potentially exploit this vulnerability to execute arbitrary commands on the system where the vulnerable application is deployed. | |||||
| CVE-2020-4428 | 1 Ibm | 1 Data Risk Manager | 2020-05-08 | 9.0 HIGH | 9.1 CRITICAL |
| IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533. | |||||