Total: 5058 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8130 | 6 Canonical, Debian, Fedoraproject and 3 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-11-21 | 6.4 Medium |
| There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`. | ||||
| CVE-2020-8126 | 1 Ui | 1 Edgeswitch | 2024-11-21 | 7.8 High |
| A privilege escalation in the EdgeSwitch prior to version 1.7.1: a CGI script doesn't fully sanitize the user input, resulting in local command execution, allowing an operator user (Privilege-1) to escalate privileges and become administrator (Privilege-15). | ||||
| CVE-2020-8105 | 1 Goabode | 2 Iota All-in-one Security Kit, Iota All-in-one Security Kit Firmware | 2024-11-21 | 9.6 Critical |
| OS Command Injection vulnerability in the wirelessConnect handler of Abode iota All-In-One Security Kit allows an attacker to inject commands and gain root access. This issue affects: Abode iota All-In-One Security Kit versions prior to 1.0.2.23_6.9V_dev_t2_homekit_RF_2.0.19_s2_kvsABODE oz. | ||||
| CVE-2020-7980 | 1 Intelliantech | 1 Aptus Web | 2024-11-21 | 9.8 Critical |
| Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed. | ||||
| CVE-2020-7879 | 1 Iptime | 2 C200, C200 Firmware | 2024-11-21 | 8.8 High |
| This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It is necessary to extract the value for the ipTIME IP camera because the ipTIME NAS sends ans setCookie('[COOKIE]'). The value is transferred to the --header option in the wget binary, and there is no validation check. This vulnerability allows remote attackers to execute remote commands. | ||||
| CVE-2020-7825 | 1 Tobesoft | 1 Miplatform | 2024-11-21 | 8.8 High |
| A vulnerability exists that could allow the execution of operating system commands on systems running MiPlatform 2019.05.16 and earlier. An attacker could execute arbitrary remote commands by sending parameters to the WinExec function in the ExtCommandApi.dll module of MiPlatform. | ||||
| CVE-2020-7805 | 1 Infomark | 4 Iml500, Iml500 Firmware, Iml520 and 1 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered on KT Slim egg IML500 (R7283, R8112, R8424) and IML520 (R8112, R8368, R8411) wifi device. This issue is a command injection allowing attackers to execute arbitrary OS commands. | ||||
| CVE-2020-7804 | 2 Handysoft, Microsoft | 4 Groupware, Windows 10, Windows 7 and 1 more | 2024-11-21 | 6.4 Medium |
| ActiveX Control (HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker to execute arbitrary commands via the ShellExec method. | ||||
| CVE-2020-7794 | 1 Buns Project | 1 Buns | 2024-11-21 | 9.8 Critical |
| This affects all versions of package buns. The injection point is located in line 678 in index file lib/index.js in the exported function install(requestedModule). | ||||
| CVE-2020-7789 | 2 Node-notifier Project, Redhat | 2 Node-notifier, Ansible Automation Platform | 2024-11-21 | 5.6 Medium |
| This affects the package node-notifier before 9.0.0. It allows an attacker to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array. | ||||
| CVE-2020-7786 | 1 Macfromip Project | 1 Macfromip | 2024-11-21 | 9.8 Critical |
| This affects all versions of package macfromip. The injection point is located in line 66 in macfromip.js. | ||||
| CVE-2020-7785 | 1 Node-ps Project | 1 Node-ps | 2024-11-21 | 9.8 Critical |
| This affects all versions of package node-ps. The injection point is located in line 72 in lib/index.js. | ||||
| CVE-2020-7784 | 1 Ts-process-promises Project | 1 Ts-process-promises | 2024-11-21 | 9.8 Critical |
| This affects all versions of package ts-process-promises. The injection point is located in line 45 in main entry of package in lib/process-promises.js. The vulnerability is demonstrated with the following PoC: | ||||
| CVE-2020-7782 | 1 Spritesheet-js Project | 1 Spritesheet-js | 2024-11-21 | 9.8 Critical |
| This affects all versions of package spritesheet-js. It depends on a vulnerable package platform-command. The injection point is located in line 32 in lib/generator.js, which is triggered by main entry of the package. | ||||
| CVE-2020-7781 | 1 Connection-tester Project | 1 Connection-tester | 2024-11-21 | 9.8 Critical |
| This affects the package connection-tester before 0.2.1. The injection point is located in line 15 in index.js. The following PoC demonstrates the vulnerability: | ||||
| CVE-2020-7778 | 1 Systeminformation | 1 Systeminformation | 2024-11-21 | 7.3 High |
| This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands. | ||||
| CVE-2020-7775 | 1 Freediskspace Project | 1 Freediskproject | 2024-11-21 | 9.8 Critical |
| This affects all versions of package freediskspace. The vulnerability arises out of improper neutralization of arguments in line 71 of freediskspace.js. | ||||
| CVE-2020-7752 | 1 Systeminformation | 1 Systeminformation | 2024-11-21 | 8.8 High |
| This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite JavaScript files and then execute any OS commands. | ||||
| CVE-2020-7735 | 1 Ng-packagr Project | 1 Ng-packagr | 2024-11-21 | 6.6 Medium |
| The package ng-packagr before 10.1.1 is vulnerable to Command Injection via the styleIncludePaths option. | ||||
| CVE-2020-7730 | 1 Bestzip Project | 1 Bestzip | 2024-11-21 | 9.8 Critical |
| The package bestzip before 2.1.7 is vulnerable to Command Injection via the options param. | ||||