Total
2088 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36456 | 1 Toolshed Project | 1 Toolshed | 2024-08-04 | 8.1 High |
| An issue was discovered in the toolshed crate through 2020-11-15 for Rust. In CopyCell<T>, the Send trait lacks bounds on the contained type. | ||||
| CVE-2020-36455 | 1 Brokenlamp | 1 Slock | 2024-08-04 | 8.1 High |
| An issue was discovered in the slock crate through 2020-11-17 for Rust. Slock<T> unconditionally implements Send and Sync. | ||||
| CVE-2020-35794 | 1 Netgear | 14 Rbk752, Rbk752 Firmware, Rbk852 and 11 more | 2024-08-04 | 8.4 High |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBS40V before 2.6.1.4, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | ||||
| CVE-2020-35777 | 1 Netgear | 2 Dgn2200v1, Dgn2200v1 Firmware | 2024-08-04 | 8.4 High |
| NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by command injection. | ||||
| CVE-2020-35790 | 1 Netgear | 8 D7800, D7800 Firmware, R7800 and 5 more | 2024-08-04 | 6.4 Medium |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, R8900 before 1.0.4.26, and R9000 before 1.0.4.26. | ||||
| CVE-2020-35793 | 1 Netgear | 10 D7800, D7800 Firmware, R7500 and 7 more | 2024-08-04 | 6.1 Medium |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.58, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.5.2, and R9000 before 1.0.5.2. | ||||
| CVE-2020-35798 | 1 Netgear | 60 R6400v2, R6400v2 Firmware, R6700v3 and 57 more | 2024-08-04 | 9.3 Critical |
| Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R6400v2 before 1.0.4.84, R6700v3 before 1.0.4.84, R6900P before 1.3.2.124, R7000 before 1.0.11.100, R7000P before 1.3.2.124, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7960P before 1.4.1.50, R8000 before 1.0.4.52, R7900P before 1.4.1.50, R8000P before 1.4.1.50, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.1.12, RAX45 before 1.0.2.66, RAX50 before 1.0.2.66, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RS400 before 1.5.0.48, and XR300 before 1.0.3.50. | ||||
| CVE-2020-35791 | 1 Netgear | 6 R7800, R7800 Firmware, R8900 and 3 more | 2024-08-04 | 6.4 Medium |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7800 before 1.0.2.68, R8900 before 1.0.5.2, and R9000 before 1.0.5.2. | ||||
| CVE-2020-35792 | 1 Netgear | 8 R7500, R7500 Firmware, R7800 and 5 more | 2024-08-04 | 8.3 High |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7500v2 before 1.0.3.48, R8900 before 1.0.5.2, R9000 before 1.0.5.2, and R7800 before 1.0.2.68. | ||||
| CVE-2020-29599 | 3 Debian, Imagemagick, Redhat | 3 Debian Linux, Imagemagick, Enterprise Linux | 2024-08-04 | 7.8 High |
| ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c. | ||||
| CVE-2020-29547 | 1 Citadel | 1 Webcit | 2024-08-04 | 5.9 Medium |
| An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure. | ||||
| CVE-2020-29548 | 1 Smartertools | 1 Smartermail | 2024-08-04 | 8.1 High |
| An issue was discovered in SmarterTools SmarterMail through 100.0.7537. Meddler-in-the-middle attackers can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted user session. | ||||
| CVE-2020-29299 | 1 Zyxel | 7 Atp, Nsg, Nsg Firmware and 4 more | 2024-08-04 | 7.2 High |
| Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG before ZLD V4.39 week38, USG FLEX before ZLD V4.55 week38, ATP before ZLD V4.55 week38, and NSG before 1.33 patch 4. | ||||
| CVE-2020-28902 | 1 Nagios | 1 Fusion | 2024-08-04 | 9.8 Critical |
| Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php. | ||||
| CVE-2020-28908 | 1 Nagios | 1 Fusion | 2024-08-04 | 9.8 Critical |
| Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios. | ||||
| CVE-2020-28901 | 1 Nagios | 1 Fusion | 2024-08-04 | 9.8 Critical |
| Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component installation in cmd_subsys.php. | ||||
| CVE-2020-28243 | 3 Debian, Fedoraproject, Saltstack | 3 Debian Linux, Fedora, Salt | 2024-08-04 | 7.8 High |
| An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory. | ||||
| CVE-2020-27867 | 1 Netgear | 38 Ac2100, Ac2100 Firmware, Ac2400 and 35 more | 2024-08-04 | 6.8 Medium |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. When parsing the funjsq_access_token parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11653. | ||||
| CVE-2020-27864 | 1 Dlink | 2 Dap-1860, Dap-1860 Firmware | 2024-08-04 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default. When parsing the Authorization request header, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-10880. | ||||
| CVE-2020-27862 | 1 Dlink | 4 Dsl-2888a, Dsl-2888a Firmware, Dva-2800 and 1 more | 2024-08-04 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DVA-2800 and DSL-2888A routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dhttpd service, which listens on TCP port 8008 by default. When parsing the path parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-10911. | ||||