Total
4244 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15357 | 1 Askey | 2 Ap5100w, Ap5100w Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Network Analysis functionality in Askey AP5100W_Dual_SIG_1.01.097 and all prior versions allows remote attackers to execute arbitrary commands via a shell metacharacter in the ping, traceroute, or route options. | |||||
| CVE-2020-15272 | 1 Git-tag-annotation-action Project | 1 Git-tag-annotation-action | 2024-11-21 | 6.5 MEDIUM | 8.7 HIGH |
| In the git-tag-annotation-action (open source GitHub Action) before version 1.0.1, an attacker can execute arbitrary (*) shell commands if they can control the value of [the `tag` input] or manage to alter the value of [the `GITHUB_REF` environment variable]. The problem has been patched in version 1.0.1. If you don't use the `tag` input you are most likely safe. The `GITHUB_REF` environment variable is protected by the GitHub Actions environment so attacks from there should be impossible. If you must use the `tag` input and cannot upgrade to `> 1.0.0` make sure that the value is not controlled by another Action. | |||||
| CVE-2020-15271 | 1 Lookatme Project | 1 Lookatme | 2024-11-21 | 9.3 HIGH | 9.3 CRITICAL |
| In lookatme (python/pypi package) versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "file_loader" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is fixed in version 2.3.0. As a workaround, the `lookatme/contrib/terminal.py` and `lookatme/contrib/file_loader.py` files may be manually deleted. Additionally, it is always recommended to be aware of what is being rendered with lookatme. | |||||
| CVE-2020-15123 | 1 Codecov | 1 Codecov | 2024-11-21 | 6.8 MEDIUM | 9.3 CRITICAL |
| In codecov (npm package) before version 3.7.1 the upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE (CVE-2020-7597 for GHSA-5q88-cjfq-g2mh) was issued but the fix was incomplete. It only blocked &, and command injection is still possible using backticks instead to bypass the sanitizer. The attack surface is low in this case. Particularly in the standard use of codecov, where the module is used directly in a build pipeline, not built against as a library in another application that may supply malicious input and perform command injection. | |||||
| CVE-2020-15121 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-11-21 | 6.8 MEDIUM | 7.4 HIGH |
| In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current directory. | |||||
| CVE-2020-14950 | 1 Aapanel | 1 Aapanel | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the setting menu of Sotfware Store. | |||||
| CVE-2020-14947 | 1 Factorfx | 1 Open Computer Software Inventory Next Generation | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mib_file in plugins/main_sections/ms_config/ms_snmp_config.php is mishandled in get_mib_oid. | |||||
| CVE-2020-14414 | 1 Nedi | 1 Nedi | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a pw parameter. (This can also be exploited via CSRF.) | |||||
| CVE-2020-14412 | 1 Nedi | 1 Nedi | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a psw parameter. (This can also be exploited via CSRF.) | |||||
| CVE-2020-14342 | 3 Fedoraproject, Opensuse, Samba | 3 Fedora, Leap, Cifs-utils | 2024-11-21 | 4.4 MEDIUM | 4.4 MEDIUM |
| It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privileges. | |||||
| CVE-2020-14324 | 1 Redhat | 1 Cloudforms Management Engine | 2024-11-21 | 6.5 MEDIUM | 9.1 CRITICAL |
| A high severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0. The out of band OS command injection vulnerability can be exploited by authenticated attacker while setuping conversion host through Infrastructure Migration Solution. This flaw allows attacker to execute arbitrary commands on CloudForms server. | |||||
| CVE-2020-14293 | 1 Secudos | 1 Domos | 2024-11-21 | 8.5 HIGH | 7.5 HIGH |
| conf_datetime in Secudos DOMOS 5.8 allows remote attackers to execute arbitrary commands as root via shell metacharacters in the zone field (obtained from the web interface). | |||||
| CVE-2020-14162 | 1 Pi-hole | 1 Pi-hole | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in Pi-Hole through 5.0. The local www-data user has sudo privileges to execute the pihole core script as root without a password, which could allow an attacker to obtain root access via shell metacharacters to this script's setdns command. | |||||
| CVE-2020-14144 | 1 Gitea | 1 Gitea | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line in the config file). NOTE: The vendor has indicated this is not a vulnerability and states "This is a functionality of the software that is limited to a very limited subset of accounts. If you give someone the privilege to execute arbitrary code on your server, they can execute arbitrary code on your server. We provide very clear warnings to users around this functionality and what it provides. | |||||
| CVE-2020-14081 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action send_log_email with the key auth_acname (or auth_passwd), allowing an authenticated user to run arbitrary commands on the device. | |||||
| CVE-2020-14075 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoe_connect, ru_pppoe_connect, or dhcp_connect with the key wan_ifname (or wan0_dns), allowing an authenticated user to run arbitrary commands on the device. | |||||
| CVE-2020-14072 | 1 Mk-auth | 1 Mk-auth | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in MK-AUTH 19.01. It allows command execution as root via shell metacharacters to /auth admin scripts. | |||||
| CVE-2020-13978 | 1 Monstra | 1 Monstra Cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Monstra CMS 3.0.4 allows an attacker, who already has administrative access to modify .chunk.php files on the Edit Chunk screen, to execute arbitrary OS commands via the Theme Module by visiting the admin/index.php?id=themes&action=edit_chunk URI. NOTE: there is no indication that the Edit Chunk feature was intended to prevent an administrator from using PHP's exec feature | |||||
| CVE-2020-13976 | 1 Dd-wrt | 1 Dd-wrt | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in DD-WRT through 16214. The Diagnostic page allows remote attackers to execute arbitrary commands via shell metacharacters in the host field of the ping command. Exploitation through CSRF might be possible. NOTE: software maintainers consider the report invalid because it refers to an old software version, requires administrative privileges, and does not provide access beyond that already available to administrative users | |||||
| CVE-2020-13925 | 1 Apache | 1 Kylin | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Similar to CVE-2020-1956, Kylin has one more restful API which concatenates the API inputs into OS commands and then executes them on the server; while the reported API misses necessary input validation, which causes the hackers to have the possibility to execute OS command remotely. Users of all previous versions after 2.3 should upgrade to 3.1.0. | |||||