Total
3597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-1146 | 1 Cisco | 9 Application Extension Platform, Rv110w, Rv110w Firmware and 6 more | 2023-11-07 | 9.0 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities. | |||||
| CVE-2021-1142 | 1 Cisco | 1 Smart Software Manager Satellite | 2023-11-07 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-1141 | 1 Cisco | 1 Smart Software Manager Satellite | 2023-11-07 | 9.0 HIGH | 8.8 HIGH |
| Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-1140 | 1 Cisco | 1 Smart Software Manager Satellite | 2023-11-07 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-1139 | 1 Cisco | 1 Smart Software Manager Satellite | 2023-11-07 | 9.0 HIGH | 8.8 HIGH |
| Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-1138 | 1 Cisco | 1 Smart Software Manager Satellite | 2023-11-07 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-8813 | 5 Cacti, Debian, Fedoraproject and 2 more | 6 Cacti, Debian Linux, Fedora and 3 more | 2023-11-07 | 9.3 HIGH | 8.8 HIGH |
| graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege. | |||||
| CVE-2020-8515 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2023-11-07 | 10.0 HIGH | 9.8 CRITICAL |
| DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1. | |||||
| CVE-2020-8130 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-11-07 | 6.9 MEDIUM | 6.4 MEDIUM |
| There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`. | |||||
| CVE-2020-7712 | 2 Joyent, Oracle | 5 Json, Commerce Guided Search, Financial Services Crime And Compliance Management Studio and 2 more | 2023-11-07 | 6.5 MEDIUM | 7.2 HIGH |
| This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function. | |||||
| CVE-2020-7646 | 1 Curlrequest Project | 1 Curlrequest | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| curlrequest through 1.0.1 allows reading any file by populating the file parameter with user input. | |||||
| CVE-2020-7640 | 1 Pixlcore | 1 Pixl-class | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| pixl-class prior to 1.0.3 allows execution of arbitrary commands. The members argument of the create function can be controlled by users without any sanitization. | |||||
| CVE-2020-7630 | 1 Git-add-remote Project | 1 Git-add-remote | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| git-add-remote through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the name argument. | |||||
| CVE-2020-7629 | 1 Install-package Project | 1 Install-package | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| install-package through 0.4.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument. | |||||
| CVE-2020-7627 | 1 Node-key-sender Project | 1 Node-key-sender | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the 'arrParams' argument in the 'execute()' function. | |||||
| CVE-2020-7626 | 1 Karma-mojo Project | 1 Karma-mojo | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the config argument. | |||||
| CVE-2020-7625 | 1 Op-browser Project | 1 Op-browser | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| op-browser through 1.0.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function. | |||||
| CVE-2020-7624 | 1 Effect Project | 1 Effect | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| effect through 1.0.4 is vulnerable to Command Injection. It allows execution of arbitrary command via the options argument. | |||||
| CVE-2020-7623 | 1 Jscover Project | 1 Jscover | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| jscover through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary command via the source argument. | |||||
| CVE-2020-7621 | 1 Ibm | 1 Strongloop Nginx Controller | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary command as part of the '_nginxCmd()' function. | |||||