CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 9 and 10)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
601 CVE-2020-24418 125 Exec Code 2020-10-21 2020-10-29
9.3
None Remote Medium Not required Complete Complete Complete
Adobe After Effects version 17.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .aepx file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. This vulnerability requires user interaction to exploit.
602 CVE-2020-24407 434 Exec Code 2020-11-09 2020-11-12
9.0
None Remote Low ??? Complete Complete Complete
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. This vulnerability could be abused by authenticated users with administrative permissions to the System/Data and Transfer/Import components.
603 CVE-2020-24397 190 Exec Code Overflow 2020-10-02 2020-10-09
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges.
604 CVE-2020-24384 Exec Code 2020-11-10 2020-11-24
10.0
None Remote Low Not required Complete Complete Complete
A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could be used to compromise affected ACOS systems. ACOS versions 3.2.x (including and after 3.2.2), 4.x, and 5.1.x are affected. aGalaxy versions 3.0.x, 3.2.x, and 5.0.x are affected.
605 CVE-2020-24365 94 Exec Code 2020-09-24 2020-11-19
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-127x9 01.01.02.127 devices. The Monitor Diagnostic network page allows an authenticated attacker to execute a command directly on the target machine. Commands are executed as the root user (uid 0). (Even if a login is required, most routers are left with default credentials.)
606 CVE-2020-24355 732 2020-09-02 2020-09-11
10.0
None Remote Low Not required Complete Complete Complete
Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware, are affected by insecure permissions which allow regular and other users to create new users with elevated privileges. This is done by changing the "FirstIndex" field in the JSON that is POST-ed during account creation. Something similar may also be possible with account deletion.
607 CVE-2020-24297 78 Exec Code 2020-11-18 2020-12-01
9.0
None Remote Low ??? Complete Complete Complete
httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline. Fixed version: TL-WPA4220(EU)_V4_201023
608 CVE-2020-24264 863 Exec Code 2021-03-16 2021-03-23
10.0
None Remote Low Not required Complete Complete Complete
Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and not the server-side, which can lead to spawning a container with bind mount. Once such a container is spawned, it can be leveraged to break out of the container leading to complete Docker host machine takeover.
609 CVE-2020-24220 78 Exec Code 2020-08-17 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
ShopXO v1.8.1 has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands and gain control of the server.
610 CVE-2020-24057 78 Exec Code 2020-08-21 2020-08-27
9.0
None Remote Low ??? Complete Complete Complete
The management website of the Verint S5120FD Verint_FW_0_42 unit features a CGI endpoint ('ipfilter.cgi') that allows the user to manage network filtering on the unit. This endpoint is vulnerable to a command injection. An authenticated attacker can leverage this issue to execute arbitrary commands as 'root'.
611 CVE-2020-24054 78 Exec Code 2020-08-21 2020-08-27
10.0
None Remote Low Not required Complete Complete Complete
The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a 'statusbroadcast' command that can spawn a given process repeatedly at a certain time interval as 'root'. One of the limitations of this feature is that it only takes a path to a binary without arguments; however, this can be circumvented using special shell variables, such as '${IFS}'. As a result, an attacker can execute arbitrary commands as 'root' on the units.
612 CVE-2020-24051 287 Bypass 2020-08-21 2020-08-27
10.0
None Remote Low Not required Complete Complete Complete
The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations. It was found that the authentication check for those ONVIF operations can be bypassed. An attacker can abuse this issue to execute privileged operations without authentication, for instance, to create a new Administrator user.
613 CVE-2020-24046 269 Bypass 2020-09-17 2020-09-24
9.0
None Remote Low ??? Complete Complete Complete
A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. This restricted shell can be bypassed after changing the properties of the user admin in the operating system file /etc/passwd. This file cannot be accessed through the restricted shell, but it can be modified by abusing the Backup/Import Backup functionality of the web interface. An authenticated attacker would be able to obtain the file /var/tmp/admin.passwd after executing a Backup operation. This file can be manually modified to change the GUID of the user to 0 (root) and change the restricted shell to a normal shell /bin/sh. After the modification is done, the file can be recompressed to a .tar.bz file and imported again via the Import Backup functionality. The properties of the admin user will be overwritten and a root shell will be granted to the user upon the next successful login.
614 CVE-2020-24045 269 Bypass 2020-09-17 2020-09-24
9.0
None Remote Low ??? Complete Complete Complete
A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. The restricted shell can be bypassed by presenting a fake vmware-tools ISO image to the guest virtual machine running SpamTitan Gateway. This ISO image should contain a valid Perl script at the vmware-freebsd-tools/vmware-tools-distrib/vmware-install.pl path. The fake ISO image will be mounted and the script vmware-install.pl will be executed with super-user privileges as soon as the hidden option to install VMware Tools is selected in the main menu of the restricted shell (option number 5). The contents of the script can be whatever the attacker wants, including a backdoor or similar.
615 CVE-2020-24034 502 +Priv 2020-09-01 2020-09-11
9.0
None Remote Low ??? Complete Complete Complete
Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecure deserialization that allows any authenticated user to perform a privilege escalation to any other user. By making a request with valid sess_id, nonce, and ha1 values inside of the serialized session cookie, an attacker may alter the user value inside of this cookie, and assume the role and permissions of the user specified. By assuming the role of the user internal, which is inaccessible to end users by default, the attacker gains the permissions of the internal account, which includes the ability to flash custom firmware to the router, allowing the attacker to achieve a complete compromise.
616 CVE-2020-24032 78 2020-08-18 2020-08-27
10.0
None Remote Low Not required Complete Complete Complete
tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set&tz=OS command injection via shell metacharacters in a timezone.
617 CVE-2020-23934 78 Exec Code 2020-08-18 2020-08-26
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered in RiteCMS 2.2.1. An authenticated user can directly execute system commands by uploading a php web shell in the "Filemanager" section.
618 CVE-2020-23639 77 Exec Code 2020-11-02 2020-11-12
10.0
None Remote Low Not required Complete Complete Complete
A command injection vulnerability exists in Moxa Inc VPort 461 Series Firmware Version 3.4 or lower that could allow a remote attacker to execute arbitrary commands in Moxa's VPort 461 Series Industrial Video Servers.
619 CVE-2020-23512 287 2020-09-15 2020-09-22
10.0
None Remote Low Not required Complete Complete Complete
VR CAM P1 Model P1 v1 has an incorrect access control vulnerability where an attacker can obtain complete access of the device from web (remote) without authentication.
620 CVE-2020-23160 Exec Code 2021-01-26 2021-03-17
9.0
None Remote Low ??? Complete Complete Complete
Remote code execution in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to execute arbitrary commands as root on the devices.
621 CVE-2020-21999 78 Exec Code 2021-05-04 2021-05-11
9.0
None Remote Low ??? Complete Complete Complete
iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in pingTest PHP script.
622 CVE-2020-21992 78 Exec Code Bypass 2021-04-29 2021-05-12
9.0
None Remote Low ??? Complete Complete Complete
Inim Electronics SmartLiving SmartLAN/G/SI <=6.x suffers from an authenticated remote command injection vulnerability. The issue exists because the 'par' POST parameter is not sanitized when called with the 'testemail' module through the web.cgi binary. The vulnerable CGI binary (ELF 32-bit LSB executable, ARM) calls the 'sh' executable via the system() function to issue a command using the mailx service, and its vulnerable string format parameter allows OS command injection with root privileges. An attacker can remotely execute system commands as the root user using default credentials and bypass access controls in place.
623 CVE-2020-21884 352 CSRF 2021-04-09 2021-04-14
9.3
None Remote Medium Not required Complete Complete Complete
Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a cross-site request forgery (CSRF) vulnerability in /tools/network-trace, /list_users, /list_byod?usertype=raduser, /dhcp_leases, /go?rid=202 in which a specially crafted HTTP request may reconfigure the device.
624 CVE-2020-21883 78 2021-04-09 2021-04-14
9.0
None Remote Low ??? Complete Complete Complete
Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain an OS command injection vulnerability in /tools/ping, which can lead to complete device takeover.
625 CVE-2020-21523 74 Exec Code 2020-09-30 2020-10-09
10.0
None Remote Low Not required Complete Complete Complete
A server-side Freemarker template injection vulnerability exists in halo CMS v1.1.3, in the Edit Theme File function. The ftl file, which is the Freemarker template file, can be edited. This file can cause arbitrary code execution when it is rendered in the background. exp: <#assign test="freemarker.template.utility.Execute"?new()> ${test("touch /tmp/freemarkerPwned")}
626 CVE-2020-21224 88 Exec Code 2021-02-22 2021-02-26
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote attacker can send a malicious login packet to the control server
627 CVE-2020-20269 Exec Code 2021-01-26 2021-01-30
10.0
None Remote Low Not required Complete Complete Complete
A specially crafted Markdown document could cause the execution of malicious JavaScript code in Caret Editor before 4.0.0-rc22.
628 CVE-2020-19527 78 Exec Code 2020-12-10 2020-12-11
10.0
None Remote Low Not required Complete Complete Complete
iCMS 7.0.14 allows attackers to execute arbitrary OS commands via shell metacharacters in the DB_NAME parameter to install/install.php.
629 CVE-2020-19417 269 2021-03-10 2021-03-18
9.0
None Remote Low ??? Complete Complete Complete
Emerson Smart Wireless Gateway 1420 4.6.59 allows non-privileged users (such as the default account 'maint') to perform administrative tasks by sending specially crafted HTTP requests to the application.
630 CVE-2020-19142 78 Exec Code 2020-12-10 2020-12-11
10.0
None Remote Low Not required Complete Complete Complete
iCMS 7 allows attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php.
631 CVE-2020-17523 863 Bypass 2021-02-03 2021-05-05
9.0
None Remote Low Not required Partial Partial Complete
In Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
632 CVE-2020-17505 78 Exec Code 2020-08-12 2020-09-22
9.0
None Remote Low ??? Complete Complete Complete
Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.
633 CVE-2020-17452 434 2020-08-09 2020-08-10
9.0
None Remote Low ??? Complete Complete Complete
flatCore before 1.5.7 allows upload and execution of a .php file by an admin.
634 CVE-2020-17407 121 Exec Code 2020-10-13 2020-10-26
10.0
None Remote Low Not required Complete Complete Complete
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of authentication headers. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10596.
635 CVE-2020-17406 78 Exec Code 2020-10-13 2020-10-26
9.0
None Remote Low ??? Complete Complete Complete
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the ping parameter provided to tools.sh. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10595.
636 CVE-2020-17389 22 Exec Code Dir. Trav. Bypass 2020-08-25 2020-08-28
9.0
None Remote Low ??? Complete Complete Complete
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the decryptFile method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10502.
637 CVE-2020-17388 749 Exec Code Bypass 2020-08-25 2020-08-28
9.0
None Remote Low ??? Complete Complete Complete
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Tomcat configuration file. The issue results from the lack of proper restriction to the Tomcat admin console. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10799.
638 CVE-2020-17387 22 Exec Code Dir. Trav. Bypass 2020-08-25 2020-08-28
9.0
None Remote Low ??? Complete Complete Complete
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the writeObjectToConfigFile method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10565.
639 CVE-2020-17384 78 Exec Code 2020-08-25 2020-08-27
9.0
None Remote Low ??? Complete Complete Complete
Cellopoint Cellos v4.1.10 Build 20190922 does not properly validate URL input. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary commands to manipulate the system.
640 CVE-2020-17363 78 Exec Code 2020-12-31 2021-01-05
9.0
None Remote Low ??? Complete Complete Complete
USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module. NOTE: this may overlap CVE-2020-25069.
641 CVE-2020-17129 Exec Code 2020-12-10 2021-03-03
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128.
642 CVE-2020-17128 Exec Code 2020-12-10 2021-03-04
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17129.
643 CVE-2020-17127 Exec Code 2020-12-10 2021-03-03
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17128, CVE-2020-17129.
644 CVE-2020-17125 Exec Code 2020-12-10 2021-03-03
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129.
645 CVE-2020-17124 Exec Code 2020-12-10 2021-03-04
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft PowerPoint Remote Code Execution Vulnerability
646 CVE-2020-17123 Exec Code 2020-12-10 2021-03-03
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17122, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129.
647 CVE-2020-17122 Exec Code 2020-12-10 2021-03-03
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129.
648 CVE-2020-17118 Exec Code 2020-12-10 2021-03-03
10.0
None Remote Low Not required Complete Complete Complete
Microsoft SharePoint Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17121.
649 CVE-2020-17117 Exec Code 2020-12-10 2021-03-04
9.0
None Remote Low ??? Complete Complete Complete
Microsoft Exchange Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17132, CVE-2020-17141, CVE-2020-17142, CVE-2020-17144.
650 CVE-2020-17110 Exec Code 2020-11-11 2020-11-19
9.3
None Remote Medium Not required Complete Complete Complete
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17106, CVE-2020-17107, CVE-2020-17108, CVE-2020-17109.