Total: 4218 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-6948 | 1 Hashbrowncms | 1 Hashbrown Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A remote code execution issue was discovered in HashBrown CMS through 1.3.3. Server/Entity/Deployer/GitDeployer.js has a Service.AppService.exec call that mishandles the URL, repository, username, and password. | |||||
CVE-2020-6842 | 1 Dlink | 2 Dch-m225, Dch-m225 Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name. | |||||
CVE-2020-6841 | 1 Dlink | 2 Dch-m225, Dch-m225 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter. | |||||
CVE-2020-6765 | 1 Dlink | 2 Dsl-gs225, Dsl-gs225 Firmware | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
D-Link DSL-GS225 J1 AU_1.0.4 devices allow an admin to execute OS commands by placing shell metacharacters after a supported CLI command, as demonstrated by ping -c1 127.0.0.1; cat/etc/passwd. The CLI is reachable by TELNET. | |||||
CVE-2020-6760 | 1 Schmid-telecom | 2 Zi 620 V400, Zi 620 V400 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS commands as root via shell metacharacters to an entry on the SSH subcommand menu, as demonstrated by ping. | |||||
CVE-2020-6757 | 1 Rasilient | 2 Pixelstor 5000, Pixelstor 5000 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
contentHostProperties.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows authenticated attackers to remotely execute code via the name parameter. | |||||
CVE-2020-6756 | 1 Rasilient | 2 Pixelstor 5000, Pixelstor 5000 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows unauthenticated attackers to remotely execute code via the lang parameter. | |||||
CVE-2020-6651 | 1 Eaton | 1 Intelligent Power Manager | 2024-11-21 | 6.0 MEDIUM | 8.8 HIGH |
Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the configuration file in the application. | |||||
CVE-2020-6364 | 1 Sap | 1 Introscope Enterprise Manager | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7) allow an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager, leading to Code Injection. With this, the attacker is able to read and modify all system files and also impact system availability. | |||||
CVE-2020-5868 | 1 F5 | 1 Big-iq Centralized Management | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discovered that may allow a remote user to execute shell commands on affected systems using HTTP requests to the BIG-IQ user interface. | |||||
CVE-2020-5791 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user. | |||||
CVE-2020-5760 | 1 Grandstream | 12 Ht801, Ht801 Firmware, Ht802 and 9 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configuration file and sending a crafted SIP message. | |||||
CVE-2020-5759 | 1 Grandstream | 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command. | |||||
CVE-2020-5758 | 1 Grandstream | 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API. | |||||
CVE-2020-5757 | 1 Grandstream | 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's "New" HTTPS API. | |||||
CVE-2020-5756 | 1 Grandstream | 2 Gwn7000, Gwn7000 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router. | |||||
CVE-2020-5685 | 1 Nec | 4 Univerge Sv8500, Univerge Sv8500 Firmware, Univerge Sv9500 and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
UNIVERGE SV9500 series from V1 to V7 and SV8500 series from S6 to S8 allow an attacker to execute arbitrary OS commands or cause a denial-of-service (DoS) condition by sending a specially crafted request to a specific URL. | |||||
CVE-2020-5636 | 1 Necplatforms | 2 Aterm Sa3500g, Aterm Sa3500g Firmware | 2024-11-21 | 5.2 MEDIUM | 6.8 MEDIUM |
Aterm SA3500G firmware versions prior to Ver. 3.5.9 allow an attacker with an administrative privilege to send a specially crafted request to a specific URL, which may result in an arbitrary command execution. | |||||
CVE-2020-5635 | 1 Necplatforms | 2 Aterm Sa3500g, Aterm Sa3500g Firmware | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
Aterm SA3500G firmware versions prior to Ver. 3.5.9 allow an attacker on the adjacent network to send a specially crafted request to a specific URL, which may result in an arbitrary command execution. | |||||
CVE-2020-5626 | 1 Infoscience | 2 Elc Analytics, Logstorage | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
Logstorage version 8.0.0 and earlier, and ELC Analytics version 3.0.0 and earlier allow remote attackers to execute arbitrary OS commands via a specially crafted log file. |