Total
2568 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-35791 | 1 Netgear | 6 R7800, R7800 Firmware, R8900 and 3 more | 2024-11-21 | 4.6 MEDIUM | 6.4 MEDIUM |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7800 before 1.0.2.68, R8900 before 1.0.5.2, and R9000 before 1.0.5.2. | |||||
| CVE-2020-35790 | 1 Netgear | 8 D7800, D7800 Firmware, R7800 and 5 more | 2024-11-21 | 5.2 MEDIUM | 6.4 MEDIUM |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, R8900 before 1.0.4.26, and R9000 before 1.0.4.26. | |||||
| CVE-2020-35777 | 1 Netgear | 2 Dgn2200v1, Dgn2200v1 Firmware | 2024-11-21 | 7.7 HIGH | 8.4 HIGH |
| NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by command injection. | |||||
| CVE-2020-2508 | 1 Qnap | 2 Qts, Quts Hero | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) | |||||
| CVE-2020-2492 | 1 Qnap | 1 Qts | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907. | |||||
| CVE-2020-2490 | 1 Qnap | 1 Qts | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907. | |||||
| CVE-2020-29548 | 1 Smartertools | 1 Smartermail | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in SmarterTools SmarterMail through 100.0.7537. Meddler-in-the-middle attackers can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted user session. | |||||
| CVE-2020-29299 | 1 Zyxel | 7 Atp, Nsg, Nsg Firmware and 4 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG before ZLD V4.39 week38, USG FLEX before ZLD V4.55 week38, ATP before ZLD V4.55 week38, and NSG before 1.33 patch 4. | |||||
| CVE-2020-28908 | 1 Nagios | 1 Fusion | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios. | |||||
| CVE-2020-28902 | 1 Nagios | 1 Fusion | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php. | |||||
| CVE-2020-28901 | 1 Nagios | 1 Fusion | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component installation in cmd_subsys.php. | |||||
| CVE-2020-28453 | 1 Npos-tesseract Project | 1 Npos-tesseract | 2024-11-21 | N/A | 9.4 CRITICAL |
| This affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js. | |||||
| CVE-2020-28451 | 1 Image-tiler Project | 1 Image-tiler | 2024-11-21 | N/A | 9.8 CRITICAL |
| This affects the package image-tiler before 2.0.2. | |||||
| CVE-2020-28447 | 1 Xopen Project | 1 Xopen | 2024-11-21 | N/A | 9.8 CRITICAL |
| This affects all versions of package xopen. The injection point is located in line 14 in index.js in the exported function xopen(filepath) | |||||
| CVE-2020-28446 | 1 Ntesseract Project | 1 Ntesseract | 2024-11-21 | N/A | 9.8 CRITICAL |
| The package ntesseract before 0.2.9 are vulnerable to Command Injection via lib/tesseract.js. | |||||
| CVE-2020-28445 | 1 Npm-help Project | 1 Npm-help | 2024-11-21 | N/A | 9.8 CRITICAL |
| This affects all versions of package npm-help. The injection point is located in line 13 in index.js file in export.latestVersion() function. | |||||
| CVE-2020-28443 | 1 Sonar-wrapper Project | 1 Sonar-wrapper | 2024-11-21 | N/A | 9.8 CRITICAL |
| This affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js. | |||||
| CVE-2020-28438 | 1 Deferred-exec Project | 1 Deferred-exec | 2024-11-21 | N/A | 9.8 CRITICAL |
| This affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js | |||||
| CVE-2020-28437 | 1 Heroku-env Project | 1 Heroku-env | 2024-11-21 | N/A | 9.4 CRITICAL |
| This affects all versions of package heroku-env. The injection point is located in lib/get.js which is required by index.js. | |||||
| CVE-2020-28436 | 1 Google-cloudstorage-commands Project | 1 Google-cloudstorage-commands | 2024-11-21 | N/A | 7.3 HIGH |
| This affects all versions of package google-cloudstorage-commands. | |||||