Total
3673 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-8130 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-11-07 | 6.9 MEDIUM | 6.4 MEDIUM |
There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`. | |||||
CVE-2020-7712 | 2 Joyent, Oracle | 5 Json, Commerce Guided Search, Financial Services Crime And Compliance Management Studio and 2 more | 2023-11-07 | 6.5 MEDIUM | 7.2 HIGH |
This affects the package json before 10.0.0. It is possible to inject arbitrary commands using the parseLookup function. | |||||
CVE-2020-7646 | 1 Curlrequest Project | 1 Curlrequest | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
curlrequest through 1.0.1 allows reading any file by populating the file parameter with user input. | |||||
CVE-2020-7640 | 1 Pixlcore | 1 Pixl-class | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
pixl-class prior to 1.0.3 allows execution of arbitrary commands. The members argument of the create function can be controlled by users without any sanitization. | |||||
CVE-2020-7630 | 1 Git-add-remote Project | 1 Git-add-remote | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
git-add-remote through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the name argument. | |||||
CVE-2020-7629 | 1 Install-package Project | 1 Install-package | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
install-package through 0.4.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument. | |||||
CVE-2020-7627 | 1 Node-key-sender Project | 1 Node-key-sender | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the 'arrParams' argument in the 'execute()' function. | |||||
CVE-2020-7626 | 1 Karma-mojo Project | 1 Karma-mojo | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the config argument. | |||||
CVE-2020-7625 | 1 Op-browser Project | 1 Op-browser | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
op-browser through 1.0.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function. | |||||
CVE-2020-7624 | 1 Effect Project | 1 Effect | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
effect through 1.0.4 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument. | |||||
CVE-2020-7623 | 1 Jscover Project | 1 Jscover | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
jscover through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the source argument. | |||||
CVE-2020-7621 | 1 Ibm | 1 Strongloop Nginx Controller | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary commands as part of the '_nginxCmd()' function. | |||||
CVE-2020-7620 | 1 Netease | 1 Pomelo-monitor | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
pomelo-monitor through 0.3.7 is vulnerable to Command Injection. It allows injection of arbitrary commands as part of 'pomelo-monitor' params. | |||||
CVE-2020-7619 | 1 Get-git-data Project | 1 Get-git-data | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
get-git-data through 1.3.1 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the arguments provided to get-git-data. | |||||
CVE-2020-7237 | 1 Cacti | 1 Cacti | 2023-11-07 | 9.0 HIGH | 8.8 HIGH |
Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product. | |||||
CVE-2020-3602 | 1 Cisco | 3 Asr 5500, Asr 5700, Staros | 2023-11-07 | 7.2 HIGH | 6.7 MEDIUM |
A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. The vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user on the affected device. To exploit this vulnerability, an attacker would need to have valid credentials on an affected device and know the password for the cli test-commands command. | |||||
CVE-2020-3601 | 1 Cisco | 3 Asr 5500, Asr 5700, Staros | 2023-11-07 | 7.2 HIGH | 6.7 MEDIUM |
A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. The vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials on an affected device. | |||||
CVE-2020-3586 | 1 Cisco | 1 Dna Spaces | 2023-11-07 | 10.0 HIGH | 9.8 CRITICAL |
A vulnerability in the web-based management interface of Cisco DNA Spaces Connector could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with privileges of the web-based management application, which is running as a restricted user. This could result in changes being made to pages served by the web-based management application, impacting the integrity or availability of the web-based management application. | |||||
CVE-2020-3430 | 1 Cisco | 1 Jabber | 2023-11-07 | 9.3 HIGH | 8.8 HIGH |
A vulnerability in the application protocol handling features of Cisco Jabber for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper handling of input to the application protocol handlers. An attacker could exploit this vulnerability by convincing a user to click a link within a message sent by email or other messaging platform. A successful exploit could allow the attacker to execute arbitrary commands on a targeted system with the privileges of the user account that is running the Cisco Jabber client software. | |||||
CVE-2020-3417 | 1 Cisco | 1 Ios Xe | 2023-11-07 | 7.2 HIGH | 6.7 MEDIUM |
A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit this vulnerability by installing code to a specific directory in the underlying operating system (OS) and setting a specific ROMMON variable. A successful exploit could allow the attacker to execute persistent code on the underlying OS. To exploit this vulnerability, the attacker would need access to the root shell on the device or have physical access to the device. |