Total
2087 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-4059 | 1 Mversion Project | 1 Mversion | 2024-08-04 | 7.3 High |
| In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround, make sure to escape git commit messages when using the commitMessage option for the update function. | ||||
| CVE-2020-3760 | 2 Adobe, Microsoft | 2 Digital Editions, Windows | 2024-08-04 | 9.8 Critical |
| Adobe Digital Editions versions 4.5.10 and below have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2020-1946 | 4 Apache, Debian, Fedoraproject and 1 more | 4 Spamassassin, Debian Linux, Fedora and 1 more | 2024-08-04 | 9.8 Critical |
| In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places. | ||||
| CVE-2020-1790 | 1 Huawei | 1 Gaussdb 200 | 2024-08-04 | 8.8 High |
| GaussDB 200 with version of 6.5.1 have a command injection vulnerability. The software constructs part of a command using external input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands. | ||||
| CVE-2020-1811 | 1 Huawei | 1 Gaussdb 200 | 2024-08-04 | 8.8 High |
| GaussDB 200 with version of 6.5.1 have a command injection vulnerability. Due to insufficient input validation, remote attackers with low permissions could exploit this vulnerability by sending crafted commands to the affected device. Successful exploit could allow an attacker to execute commands. | ||||
| CVE-2020-0130 | 1 Google | 1 Android | 2024-08-04 | 7.8 High |
| In screencap, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege in a system process with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-123230379 | ||||
| CVE-2021-46560 | 1 Moxa | 2 Tn-5900, Tn-5900 Firmware | 2024-08-04 | 9.8 Critical |
| The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device damage. | ||||
| CVE-2021-46456 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2024-08-04 | 9.8 Critical |
| D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetWLanACLSettings. This vulnerability allows attackers to execute arbitrary commands via the wl(0).(0)_maclist parameter. | ||||
| CVE-2021-46457 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2024-08-04 | 9.8 Critical |
| D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function ChgSambaUserSettings. This vulnerability allows attackers to execute arbitrary commands via the samba_name parameter. | ||||
| CVE-2021-46454 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2024-08-04 | 9.8 Critical |
| D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetWLanApcliSettings. This vulnerability allows attackers to execute arbitrary commands via the ApCliKeyStr parameter. | ||||
| CVE-2021-46455 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2024-08-04 | 9.8 Critical |
| D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStationSettings. This vulnerability allows attackers to execute arbitrary commands via the station_access_enable parameter. | ||||
| CVE-2021-46452 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2024-08-04 | 9.8 Critical |
| D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via the tomography_ping_address, tomography_ping_number, tomography_ping_size, tomography_ping_timeout, and tomography_ping_ttl parameters. | ||||
| CVE-2021-46453 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2024-08-04 | 9.8 Critical |
| D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStaticRouteSettings. This vulnerability allows attackers to execute arbitrary commands via the staticroute_list parameter. | ||||
| CVE-2021-46228 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2024-08-04 | 9.8 Critical |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function httpd_debug.asp. This vulnerability allows attackers to execute arbitrary commands via the time parameter. | ||||
| CVE-2021-46227 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2024-08-04 | 9.8 Critical |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function proxy_client.asp. This vulnerability allows attackers to execute arbitrary commands via the proxy_srv, proxy_srvport, proxy_lanip, proxy_lanport parameters. | ||||
| CVE-2021-46230 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2024-08-04 | 9.8 Critical |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function upgrade_filter. This vulnerability allows attackers to execute arbitrary commands via the path and time parameters. | ||||
| CVE-2021-46226 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2024-08-04 | 9.8 Critical |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function wget_test.asp. This vulnerability allows attackers to execute arbitrary commands via the url parameter. | ||||
| CVE-2021-46233 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2024-08-04 | 9.8 Critical |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function msp_info.htm. This vulnerability allows attackers to execute arbitrary commands via the cmd parameter. | ||||
| CVE-2021-46229 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2024-08-04 | 9.8 Critical |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function usb_paswd.asp. This vulnerability allows attackers to execute arbitrary commands via the name parameter. | ||||
| CVE-2021-46232 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2024-08-04 | 9.8 Critical |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function version_upgrade.asp. This vulnerability allows attackers to execute arbitrary commands via the path parameter. | ||||