Search
Total
205 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10561 | 1 Mi | 2 Mijia Inkjet Printer, Mijia Inkjet Printer Firmware | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Xiaomi Mi Jia ink-jet printer < 3.4.6_0138. Injecting parameters to ippserver through the web management background, resulting in command execution vulnerabilities. | |||||
| CVE-2020-10948 | 1 Alienform2 Project | 1 Alienform2 | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) 2.0.2 is vulnerable to Remote Command Execution via eval injection, a different issue than CVE-2002-0934. An unauthenticated, remote attacker can exploit this via a series of crafted requests. | |||||
| CVE-2020-11789 | 1 Netgear | 8 R6400, R6400 Firmware, R6700 and 5 more | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R6400v2 before 1.0.4.84, R6700 before 1.0.2.8, R6700v3 before 1.0.4.84, R6900 before 1.0.2.8, and R7900 before 1.0.3.10. | |||||
| CVE-2020-12835 | 1 Smartbear | 1 Readyapi | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to unsafe use of an Java RMI based protocol in an unsafe configuration, an attacker can inject malicious serialized objects into the communication, resulting in remote code execution in the context of a client-side Network Licensing Protocol component. | |||||
| CVE-2020-14094 | 1 Mi | 2 Xiaomi R3600, Xiaomi R3600 Firmware | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Xiaomi router R3600, ROM version<1.0.20, the connection service can be injected through the web interface, resulting in stack overflow or remote code execution. | |||||
| CVE-2020-15489 | 1 Wavlink | 2 Wl-wn530hg4, Wl-wn530hg4 Firmware | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple shell metacharacter injection vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges. | |||||
| CVE-2020-5203 | 1 Fatfreeframework | 1 Fat-free Framework | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Fat-Free Framework 3.7.1, attackers can achieve arbitrary code execution if developers choose to pass user controlled input (e.g., $_REQUEST, $_GET, or $_POST) to the framework's Clear method. | |||||
| CVE-2020-5599 | 1 Mitsubishielectric | 4 Coreos, Got2000 Gt23, Got2000 Gt25 and 1 more | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. | |||||
| CVE-2020-7602 | 1 Node-prompt-here Project | 1 Node-prompt-here | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| node-prompt-here through 1.0.1 allows execution of arbitrary commands. The "runCommand()" is called by "getDevices()" function in file "linux/manager.js", which is required by the "index. process.env.NM_CLI" in the file "linux/manager.js". This function is used to construct the argument of function "execSync()", which can be controlled by users without any sanitization. | |||||
| CVE-2020-7601 | 1 Gulp-scss-lint Project | 1 Gulp-scss-lint | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the "exec" function located in "src/command.js" via the provided options. | |||||
| CVE-2020-7607 | 1 Gulp-styledocco Project | 1 Gulp-styledocco | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| gulp-styledocco through 0.0.3 allows execution of arbitrary commands. The argument 'options' of the exports function in 'index.js' can be controlled by users without any sanitization. | |||||
| CVE-2020-7606 | 1 Docker-compose-remote-api Project | 1 Docker-compose-remote-api | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without any sanitization. | |||||
| CVE-2020-7605 | 1 Gulp-tape Project | 1 Gulp-tape | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| gulp-tape through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of 'gulp-tape' options. | |||||
| CVE-2020-7620 | 1 Netease | 1 Pomelo-monitor | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| pomelo-monitor through 0.3.7 is vulnerable to Command Injection.It allows injection of arbitrary commands as part of 'pomelo-monitor' params. | |||||
| CVE-2020-7619 | 1 Get-git-data Project | 1 Get-git-data | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| get-git-data through 1.3.1 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the arguments provided to get-git-data. | |||||
| CVE-2020-7624 | 1 Effect Project | 1 Effect | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| effect through 1.0.4 is vulnerable to Command Injection. It allows execution of arbitrary command via the options argument. | |||||
| CVE-2020-7623 | 1 Jscover Project | 1 Jscover | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| jscover through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary command via the source argument. | |||||
| CVE-2020-7621 | 1 Ibm | 1 Strongloop Nginx Controller | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary command as part of the '_nginxCmd()' function. | |||||
| CVE-2020-7626 | 1 Karma-mojo Project | 1 Karma-mojo | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the config argument. | |||||
| CVE-2020-7625 | 1 Op-browser Project | 1 Op-browser | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| op-browser through 1.0.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function. | |||||
| CVE-2020-7631 | 1 Diskusage-ng Project | 1 Diskusage-ng | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| diskusage-ng through 0.2.4 is vulnerable to Command Injection.It allows execution of arbitrary commands via the path argument. | |||||
| CVE-2020-7629 | 1 Install-package Project | 1 Install-package | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| install-package through 0.4.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument. | |||||
| CVE-2020-7635 | 1 Compass-compile Project | 1 Compass-compile | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| compass-compile through 0.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via tha options argument. | |||||
| CVE-2021-20736 | 1 Weseek | 1 Growi | 2021-07-01 | 6.4 MEDIUM | 9.1 CRITICAL |
| NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to obtain and/or alter the information stored in the database via unspecified vectors. | |||||
| CVE-2018-25016 | 1 Greenbone | 2 Greenbone Os, Greenbone Security Assistant | 2021-06-25 | 7.5 HIGH | 9.8 CRITICAL |
| Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) before 5.0.0 allow Host Header Injection. | |||||
| CVE-2020-13942 | 1 Apache | 1 Unomi | 2021-05-05 | 7.5 HIGH | 9.8 CRITICAL |
| It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. This was partially fixed in 1.5.1 but a new attack vector was found. In Apache Unomi version 1.5.2 scripts are now completely filtered from the input. It is highly recommended to upgrade to the latest available version of the 1.5.x release to fix this problem. | |||||
| CVE-2020-35775 | 1 Citsmart | 1 Citsmart | 2021-04-19 | 7.5 HIGH | 9.8 CRITICAL |
| CITSmart before 9.1.2.23 allows LDAP Injection. | |||||
| CVE-2017-15708 | 1 Apache | 2 Commons Collections, Synapse | 2021-04-02 | 7.5 HIGH | 9.8 CRITICAL |
| In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. To mitigate the issue, we need to limit RMI access to trusted users only. Further upgrading to 3.0.1 version will eliminate the risk of having said Commons Collection version. In Synapse 3.0.1, Commons Collection has been updated to 3.2.2 version. | |||||
| CVE-2021-21353 | 1 Pugjs | 2 Pug, Pug-code-gen | 2021-03-09 | 6.8 MEDIUM | 9.0 CRITICAL |
| Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the `pretty` option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was possible for them to achieve remote code execution on the node.js backend. This is fixed in version 3.0.1. This advisory applies to multiple pug packages including "pug", "pug-code-gen". pug-code-gen has a backported fix at version 2.0.3. This advisory is not exploitable if there is no way for un-trusted input to be passed to pug as the `pretty` option, e.g. if you compile templates in advance before applying user input to them, you do not need to upgrade. | |||||
| CVE-2021-27730 | 1 Accellion | 1 Fta | 2021-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later. | |||||
| CVE-2021-27132 | 1 Sercomm | 2 Agcombo Vd625, Agcombo Vd625 Firmware | 2021-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header. | |||||
| CVE-2021-21479 | 1 Sap | 1 Scimono | 2021-02-16 | 6.4 MEDIUM | 9.1 CRITICAL |
| In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system. | |||||
| CVE-2020-15690 | 1 Nim-lang | 1 Nim | 2021-02-09 | 7.5 HIGH | 9.8 CRITICAL |
| In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character. | |||||
| CVE-2021-21278 | 1 Rsshub | 1 Rsshub | 2021-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| RSSHub is an open source, easy to use, and extensible RSS feed generator. In RSSHub before version 7f1c430 (non-semantic versioning) there is a risk of code injection. Some routes use `eval` or `Function constructor`, which may be injected by the target site with unsafe code, causing server-side security issues The fix in version 7f1c430 is to temporarily remove the problematic route and added a `no-new-func` rule to eslint. | |||||
| CVE-2021-21244 | 1 Onedev Project | 1 Onedev | 2021-01-21 | 7.5 HIGH | 9.8 CRITICAL |
| OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, There is a vulnerability that enabled pre-auth server side template injection via Bean validation message tampering. Full details in the reference GHSA. This issue was fixed in 4.0.3 by disabling validation interpolation completely. | |||||
| CVE-2020-26282 | 1 Browserup | 1 Browserup Proxy | 2020-12-31 | 7.5 HIGH | 10.0 CRITICAL |
| BrowserUp Proxy allows you to manipulate HTTP requests and responses, capture HTTP content, and export performance data as a HAR file. BrowserUp Proxy works well as a standalone proxy server, but it is especially useful when embedded in Selenium tests. A Server-Side Template Injection was identified in BrowserUp Proxy enabling attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code Execution (RCE) vulnerability. This has been patched in version 2.1.2. | |||||
| CVE-2020-21523 | 1 Halo | 1 Halo | 2020-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| A Server-Side Freemarker template injection vulnerability in halo CMS v1.1.3 In the Edit Theme File function. The ftl file can be edited. This is the Freemarker template file. This file can cause arbitrary code execution when it is rendered in the background. exp: <#assign test="freemarker.template.utility.Execute"?new()> ${test("touch /tmp/freemarkerPwned")} | |||||
| CVE-2019-12966 | 1 Fehelper Project | 1 Fehelper | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| FeHelper through 2019-06-19 allows arbitrary code execution during a JSON format operation, as demonstrated by the {"a":(function(){confirm(1)})()} input. | |||||
| CVE-2018-3963 | 1 Getcujo | 1 Smart Firewall | 2020-08-24 | 8.3 HIGH | 9.0 CRITICAL |
| An exploitable command injection vulnerability exists in the DHCP daemon configuration of the CUJO Smart Firewall. When adding a new static DHCP address, its corresponding hostname is inserted into the dhcpd.conf file without prior sanitization, allowing for arbitrary execution of system commands. To trigger this vulnerability, an attacker can send a DHCP request message and set up the corresponding static DHCP entry. | |||||
| CVE-2019-10665 | 1 Librenms | 1 Librenms | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options (html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php script. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, file content, denial of service, or writing arbitrary files. | |||||
| CVE-2020-14505 | 1 Advantech | 1 Iview | 2020-07-22 | 7.5 HIGH | 9.8 CRITICAL |
| Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (“command injection”) vulnerability. Successful exploitation of this vulnerability may allow an attacker to send a HTTP GET or POST request that creates a command string without any validation. The attacker may then remotely execute code. | |||||
| CVE-2018-21268 | 1 Traceroute Project | 1 Traceroute | 2020-07-06 | 7.5 HIGH | 9.8 CRITICAL |
| The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec() method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character. | |||||
| CVE-2019-20409 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2020-07-06 | 7.5 HIGH | 9.8 CRITICAL |
| The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability. | |||||
| CVE-2017-18900 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows CSV injection via a compliance report. | |||||
| CVE-2015-3253 | 2 Apache, Oracle | 6 Groovy, Health Sciences Clinical Development Center, Retail Order Broker Cloud Service and 3 more | 2020-06-24 | 7.5 HIGH | 9.8 CRITICAL |
| The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object. | |||||
| CVE-2020-1961 | 1 Apache | 1 Syncope | 2020-05-07 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability to Server-Side Template Injection on Mail templates for Apache Syncope 2.0.X releases prior to 2.0.15, 2.1.X releases prior to 2.1.6, enabling attackers to inject arbitrary JEXL expressions, leading to Remote Code Execution (RCE) was discovered. | |||||
| CVE-2018-21051 | 1 Google | 1 Android | 2020-04-09 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is an invalid free in the fingerprint Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12853 (October 2018). | |||||
| CVE-2017-18652 | 1 Google | 1 Android | 2020-04-08 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. SVoice allows arbitrary code execution by changing dynamic libraries. The Samsung ID is SVE-2017-9299 (September 2017). | |||||
| CVE-2019-19330 | 3 Canonical, Debian, Haproxy | 3 Ubuntu Linux, Debian Linux, Haproxy | 2020-04-01 | 7.5 HIGH | 9.8 CRITICAL |
| The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks. | |||||
| CVE-2013-7487 | 1 Swann | 8 Dvr-16cif, Dvr-16cif Firmware, Dvr04b and 5 more | 2020-03-25 | 6.8 MEDIUM | 9.8 CRITICAL |
| On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr application has a vulnerable call to “system”, which allows remote attackers to execute arbitrary code via TCP port 9000. | |||||