Total
4249 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5868 | 1 F5 | 1 Big-iq Centralized Management | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discovered that may allow a remote user to execute shell commands on affected systems using HTTP requests to the BIG-IQ user interface. | |||||
| CVE-2020-5791 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user. | |||||
| CVE-2020-5760 | 1 Grandstream | 12 Ht801, Ht801 Firmware, Ht802 and 9 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configuration file and sending a crafted SIP message. | |||||
| CVE-2020-5759 | 1 Grandstream | 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command. | |||||
| CVE-2020-5758 | 1 Grandstream | 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API. | |||||
| CVE-2020-5757 | 1 Grandstream | 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's "New" HTTPS API. | |||||
| CVE-2020-5756 | 1 Grandstream | 2 Gwn7000, Gwn7000 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router. | |||||
| CVE-2020-5685 | 1 Nec | 4 Univerge Sv8500, Univerge Sv8500 Firmware, Univerge Sv9500 and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 allows an attacker to execute arbitrary OS commands or cause a denial-of-service (DoS) condition by sending a specially crafted request to a specific URL. | |||||
| CVE-2020-5636 | 1 Necplatforms | 2 Aterm Sa3500g, Aterm Sa3500g Firmware | 2024-11-21 | 5.2 MEDIUM | 6.8 MEDIUM |
| Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker with an administrative privilege to send a specially crafted request to a specific URL, which may result in an arbitrary command execution. | |||||
| CVE-2020-5635 | 1 Necplatforms | 2 Aterm Sa3500g, Aterm Sa3500g Firmware | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker on the adjacent network to send a specially crafted request to a specific URL, which may result in an arbitrary command execution. | |||||
| CVE-2020-5626 | 1 Infoscience | 2 Elc Analytics, Logstorage | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Logstorage version 8.0.0 and earlier, and ELC Analytics version 3.0.0 and earlier allow remote attackers to execute arbitrary OS commands via a specially crafted log file. | |||||
| CVE-2020-5561 | 1 Keijiban Tsumiki Project | 1 Keijiban Tsumiki | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Keijiban Tsumiki v1.15 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2020-5560 | 1 Wl-enq Project | 1 Wl-enq | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| WL-Enq 1.11 and 1.12 allows remote attackers to execute arbitrary OS commands with the administrative privilege via unspecified vectors. | |||||
| CVE-2020-5556 | 1 Shihonkanri Plus Goout Project | 1 Shihonkanri Plus Goout | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2020-5535 | 1 Plathome | 2 Openblocks Iot Vx2, Openblocks Iot Vx2 Firmware | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
| OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors. | |||||
| CVE-2020-5534 | 1 Nec | 2 Aterm Wg2600hs, Aterm Wg2600hs Firmware | 2024-11-21 | 7.7 HIGH | 8.0 HIGH |
| Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors. | |||||
| CVE-2020-5525 | 1 Nec | 6 Aterm Wf1200c, Aterm Wf1200c Firmware, Aterm Wg1200cr and 3 more | 2024-11-21 | 7.7 HIGH | 8.0 HIGH |
| Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen. | |||||
| CVE-2020-5524 | 1 Nec | 6 Aterm Wf1200c, Aterm Wf1200c Firmware, Aterm Wg1200cr and 3 more | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
| Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function. | |||||
| CVE-2020-5505 | 1 Vaaip | 1 Freelancy | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Freelancy v1.0.0 allows remote command execution via the "file":"data:application/x-php;base64 substring (in conjunction with "type":"application/x-php"} to the /api/files/ URI. | |||||
| CVE-2020-5352 | 1 Dell | 1 Emc Data Protection Advisor | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS command injection vulnerability. A remote authenticated malicious user may exploit this vulnerability to execute arbitrary commands on the affected system. | |||||