CVEdetails.com the ultimate security vulnerability data source
Security Vulnerabilities (CVSS score between 9 and 10)

Each entry below gives: row number, CVE ID, CWE ID, vulnerability type(s), publish date, update date, CVSS score, gained access level, access vector, access complexity, authentication, and confidentiality / integrity / availability impact, followed by the CVE description. The "# of Exploits" column is empty for every entry on this page. Where the authentication field reads "???" the page did not render the value; each such entry is described as requiring authentication and carries the 9.0 score that CVSS v2 assigns to AV:N/AC:L/Au:S with complete impact on all three properties.

1301  CVE-2020-5561  CWE-78  Type: Exec Code  Published 2020-03-25  Updated 2020-03-27
      CVSS 10.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: Not required  C/I/A: Complete / Complete / Complete
      Keijiban Tsumiki v1.15 allows remote attackers to execute arbitrary OS commands via unspecified vectors.

1302  CVE-2020-5560  CWE-78  Type: Exec Code  Published 2020-03-25  Updated 2020-03-27
      CVSS 10.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: Not required  C/I/A: Complete / Complete / Complete
      WL-Enq 1.11 and 1.12 allows remote attackers to execute arbitrary OS commands with the administrative privilege via unspecified vectors.

1303  CVE-2020-5558  CWE-74  Type: Exec Code  Published 2020-03-25  Updated 2020-03-27
      CVSS 9.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: ???  C/I/A: Complete / Complete / Complete
      CuteNews 2.0.1 allows remote authenticated attackers to execute arbitrary PHP code via unspecified vectors.

1304  CVE-2020-5556  CWE-78  Type: Exec Code  Published 2020-03-25  Updated 2020-03-27
      CVSS 10.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: Not required  C/I/A: Complete / Complete / Complete
      Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to execute arbitrary OS commands via unspecified vectors.

1305  CVE-2020-5553  CWE-94  Type: Exec Code  Published 2020-03-25  Updated 2020-03-27
      CVSS 10.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: Not required  C/I/A: Complete / Complete / Complete
      mailform version 1.04 allows remote attackers to execute arbitrary PHP code via unspecified vectors.

1306  CVE-2020-5514  CWE-434  Type: (none listed)  Published 2020-01-06  Updated 2020-01-09
      CVSS 9.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: ???  C/I/A: Complete / Complete / Complete
      Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI.

1307  CVE-2020-5510  CWE-89  Type: Sql  Published 2020-01-08  Updated 2020-01-10
      CVSS 10.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: Not required  C/I/A: Complete / Complete / Complete
      PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file.

1308  CVE-2020-5352  CWE-78  Type: Exec Code  Published 2020-07-06  Updated 2020-07-13
      CVSS 9.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: ???  C/I/A: Complete / Complete / Complete
      Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS command injection vulnerability. A remote authenticated malicious user may exploit this vulnerability to execute arbitrary commands on the affected system.

1309  CVE-2020-5350  CWE-78  Type: Exec Code  Published 2020-04-15  Updated 2020-04-23
      CVSS 9.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: ???  C/I/A: Complete / Complete / Complete
      Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on the ACM component.

1310  CVE-2020-5344  CWE-787  Type: Exec Code Overflow  Published 2020-03-31  Updated 2020-04-03
      CVSS 10.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: Not required  C/I/A: Complete / Complete / Complete
      Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.

1311  CVE-2020-5332  CWE-78  Type: Exec Code  Published 2020-05-04  Updated 2020-05-11
      CVSS 9.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: ???  C/I/A: Complete / Complete / Complete
      RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a command injection vulnerability. An authenticated malicious user with administrator privileges could potentially exploit this vulnerability to execute arbitrary commands on the system where the vulnerable application is deployed.

1312  CVE-2020-5328  CWE-306  Type: (none listed)  Published 2020-03-06  Updated 2020-03-09
      CVSS 10.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: Not required  C/I/A: Complete / Complete / Complete
      Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur.

1313  CVE-2020-5327  CWE-502  Type: Exec Code  Published 2020-03-06  Updated 2020-03-09
      CVSS 9.3  Gained access: None  Access: Remote  Complexity: Medium  Authentication: Not required  C/I/A: Complete / Complete / Complete
      Dell Security Management Server versions prior to 10.2.10 contain a Java RMI Deserialization of Untrusted Data vulnerability. When the server is exposed to the internet and Windows Firewall is disabled, a remote unauthenticated attacker may exploit this vulnerability by sending a crafted RMI request to execute arbitrary code on the target host.

1314  CVE-2020-5256  CWE-434  Type: Exec Code  Published 2020-03-09  Updated 2020-03-10
      CVSS 9.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: ???  C/I/A: Complete / Complete / Complete
      BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users are given permission to upload images in any area of the application. The issue was addressed in a series of patches in versions 0.25.3, 0.25.4 and 0.25.5. Users should upgrade to at least v0.25.5 to avoid this vulnerability.

1315  CVE-2020-5245  CWE-74  Type: Exec Code  Published 2020-02-24  Updated 2020-03-13
      CVSS 9.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: ???  C/I/A: Complete / Complete / Complete
      Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in dropwizard-validation 1.3.19 and 2.0.2.

1316  CVE-2020-5242  CWE-863  Type: Exec Code  Published 2020-02-20  Updated 2020-02-26
      CVSS 9.3  Gained access: None  Access: Remote  Complexity: Medium  Authentication: Not required  C/I/A: Complete / Complete / Complete
      openHAB before 2.5.2 allows a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user running openHAB. Starting with version 2.5.2 all commands need to be whitelisted in a local file which cannot be changed via REST calls.

1317  CVE-2020-5179  CWE-78  Type: Exec Code  Published 2020-01-02  Updated 2020-01-13
      CVSS 9.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: ???  C/I/A: Complete / Complete / Complete
      Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Diagnostics Ping page and entering shell metacharacters in the Target IP address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.)

1318  CVE-2020-5146  CWE-78  Type: (none listed)  Published 2021-01-09  Updated 2021-01-14
      CVSS 9.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: ???  C/I/A: Complete / Complete / Complete
      A vulnerability in the SonicWall SMA100 appliance allows an authenticated management user to perform OS command injection using HTTP POST parameters. This vulnerability affected SMA100 Appliance version 10.2.0.2-20sv and earlier.

1319  CVE-2020-4952  CWE: (none listed)  Type: (none listed)  Published 2021-01-27  Updated 2021-01-29
      CVSS 9.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: ???  C/I/A: Complete / Complete / Complete
      IBM Security Guardium 11.2 could allow an authenticated user to gain root access due to improper access control. IBM X-Force ID: 192028.

1320  CVE-2020-4888  CWE-502  Type: Exec Code  Published 2021-01-28  Updated 2021-02-02
      CVSS 9.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: ???  C/I/A: Complete / Complete / Complete
      IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 190912.

1321  CVE-2020-4759  CWE-1236  Type: Exec Code  Published 2020-11-09  Updated 2020-11-12
      CVSS 9.3  Gained access: None  Access: Remote  Complexity: Medium  Authentication: Not required  C/I/A: Complete / Complete / Complete
      IBM FileNet Content Manager 5.5.4 and 5.5.5 are potentially vulnerable to CSV injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of CSV file contents. IBM X-Force ID: 188736.

1322  CVE-2020-4724  CWE-120  Type: Exec Code Mem. Corr.  Published 2020-10-29  Updated 2020-10-30
      CVSS 9.3  Gained access: None  Access: Remote  Complexity: Medium  Authentication: Not required  C/I/A: Complete / Complete / Complete
      IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

1323  CVE-2020-4723  CWE-120  Type: Exec Code Mem. Corr.  Published 2020-10-29  Updated 2020-10-30
      CVSS 9.3  Gained access: None  Access: Remote  Complexity: Medium  Authentication: Not required  C/I/A: Complete / Complete / Complete
      IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187873.

1324  CVE-2020-4722  CWE-120  Type: Exec Code Mem. Corr.  Published 2020-10-29  Updated 2020-10-30
      CVSS 9.3  Gained access: None  Access: Remote  Complexity: Medium  Authentication: Not required  C/I/A: Complete / Complete / Complete
      IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187870.

1325  CVE-2020-4721  CWE-120  Type: Exec Code Mem. Corr.  Published 2020-10-29  Updated 2020-10-30
      CVSS 9.3  Gained access: None  Access: Remote  Complexity: Medium  Authentication: Not required  C/I/A: Complete / Complete / Complete
      IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187868.

1326  CVE-2020-4682  CWE-502  Type: Exec Code  Published 2021-01-28  Updated 2021-02-02
      CVSS 10.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: Not required  C/I/A: Complete / Complete / Complete
      IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.

1327  CVE-2020-4633  CWE-20  Type: Exec Code  Published 2020-12-11  Updated 2020-12-14
      CVSS 9.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: ???  C/I/A: Complete / Complete / Complete
      IBM Resilient SOAR V38.0 could allow a remote attacker to execute arbitrary code on the system, caused by formula injection due to improper input validation.

1328  CVE-2020-4627  CWE-74  Type: Exec Code  Published 2020-11-30  Updated 2020-11-30
      CVSS 9.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: ???  C/I/A: Complete / Complete / Complete
      IBM Cloud Pak for Security 1.3.0.1 (CP4S) is potentially vulnerable to CSV injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of CSV file contents. IBM X-Force ID: 185367.

1329  CVE-2020-4620  CWE-434  Type: Exec Code  Published 2020-09-22  Updated 2020-09-22
      CVSS 9.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: ???  C/I/A: Complete / Complete / Complete
      IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 184979.

1330  CVE-2020-4589  CWE-74  Type: Exec Code  Published 2020-08-13  Updated 2020-08-21
      CVSS 10.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: Not required  C/I/A: Complete / Complete / Complete
      IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 184585.

1331  CVE-2020-4545  CWE-426  Type: Exec Code  Published 2020-09-04  Updated 2020-09-09
      CVSS 9.3  Gained access: None  Access: Remote  Complexity: Medium  Authentication: Not required  C/I/A: Complete / Complete / Complete
      IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbitrary code on the system, caused by improper loading of Dynamic Link Libraries by the import feature. By persuading a victim to open a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183190.

1332  CVE-2020-4521  CWE-502  Type: Exec Code  Published 2020-09-15  Updated 2020-09-16
      CVSS 9.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: ???  C/I/A: Complete / Complete / Complete
      IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 182396.

1333  CVE-2020-4495  CWE-863  Type: Bypass  Published 2021-06-02  Updated 2021-06-07
      CVSS 9.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: ???  C/I/A: Complete / Complete / Complete
      IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API, an attacker could exploit this vulnerability to bypass access restrictions, and execute arbitrary actions with administrative privileges. IBM X-Force ID: 182114.

1334  CVE-2020-4469  CWE-78  Type: Exec Code  Published 2020-06-15  Updated 2020-06-17
      CVSS 10.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: Not required  C/I/A: Complete / Complete / Complete
      IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary commands on the system. This vulnerability is due to an incomplete fix for CVE-2020-4211. IBM X-Force ID: 181724.

1335  CVE-2020-4468  CWE-119  Type: Exec Code Overflow Mem. Corr.  Published 2020-05-14  Updated 2020-05-14
      CVSS 9.3  Gained access: None  Access: Remote  Complexity: Medium  Authentication: Not required  C/I/A: Complete / Complete / Complete
      IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 181723.

1336  CVE-2020-4467  CWE-119  Type: Exec Code Overflow Mem. Corr.  Published 2020-05-14  Updated 2020-05-14
      CVSS 9.3  Gained access: None  Access: Remote  Complexity: Medium  Authentication: Not required  C/I/A: Complete / Complete / Complete
      IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 181721.

1337  CVE-2020-4464  CWE-502  Type: Exec Code  Published 2020-07-17  Updated 2020-07-22
      CVSS 9.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: ???  C/I/A: Complete / Complete / Complete
      IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector. IBM X-Force ID: 181489.

1338  CVE-2020-4450  CWE-502  Type: Exec Code  Published 2020-06-05  Updated 2020-06-09
      CVSS 10.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: Not required  C/I/A: Complete / Complete / Complete
      IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231.

1339  CVE-2020-4448  CWE-502  Type: Exec Code  Published 2020-06-05  Updated 2020-06-10
      CVSS 10.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: Not required  C/I/A: Complete / Complete / Complete
      IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 181228.

1340  CVE-2020-4433  CWE-787  Type: Exec Code Overflow  Published 2020-06-10  Updated 2020-06-15
      CVSS 9.3  Gained access: None  Access: Remote  Complexity: Medium  Authentication: Not required  C/I/A: Complete / Complete / Complete
      Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker with intimate knowledge of the server to execute arbitrary code on the system with the privileges of root or cause the server to crash. IBM X-Force ID: 180814.

1341  CVE-2020-4429  CWE-798  Type: Exec Code  Published 2020-05-07  Updated 2020-05-08
      CVSS 10.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: Not required  C/I/A: Complete / Complete / Complete
      IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to log in and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534.

1342  CVE-2020-4428  CWE-78  Type: Exec Code  Published 2020-05-07  Updated 2020-05-08
      CVSS 9.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: ???  C/I/A: Complete / Complete / Complete
      IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533.

1343  CVE-2020-4427  CWE-287  Type: Bypass  Published 2020-05-07  Updated 2020-05-08
      CVSS 9.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: ???  C/I/A: Complete / Complete / Complete
      IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532.

1344  CVE-2020-4422  CWE-119  Type: Exec Code Overflow Mem. Corr.  Published 2020-05-14  Updated 2020-05-14
      CVSS 9.3  Gained access: None  Access: Remote  Complexity: Medium  Authentication: Not required  C/I/A: Complete / Complete / Complete
      IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 180167.

1345  CVE-2020-4415  CWE-787  Type: Exec Code Overflow  Published 2020-04-23  Updated 2020-04-28
      CVSS 10.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: Not required  C/I/A: Complete / Complete / Complete
      IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker to execute arbitrary code on the system with the privileges of an administrator or user associated with the Spectrum Protect server or cause the Spectrum Protect server to crash. IBM X-Force ID: 179990.

1346  CVE-2020-4343  CWE-119  Type: Exec Code Overflow Mem. Corr.  Published 2020-05-14  Updated 2020-05-14
      CVSS 9.3  Gained access: None  Access: Remote  Complexity: Medium  Authentication: Not required  C/I/A: Complete / Complete / Complete
      IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 178244.

1347  CVE-2020-4305  CWE-502  Type: Exec Code  Published 2020-07-09  Updated 2020-07-17
      CVSS 9.3  Gained access: None  Access: Remote  Complexity: Medium  Authentication: Not required  C/I/A: Complete / Complete / Complete
      IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176677.

1348  CVE-2020-4302  CWE-755  Type: Exec Code  Published 2020-10-12  Updated 2020-10-14
      CVSS 9.3  Gained access: None  Access: Remote  Complexity: Medium  Authentication: Not required  C/I/A: Complete / Complete / Complete
      IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. By persuading a victim to open a specially-crafted Excel file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176610.

1349  CVE-2020-4288  CWE-119  Type: Exec Code Overflow Mem. Corr.  Published 2020-05-14  Updated 2020-05-14
      CVSS 9.3  Gained access: None  Access: Remote  Complexity: Medium  Authentication: Not required  C/I/A: Complete / Complete / Complete
      IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176270.

1350  CVE-2020-4287  CWE-119  Type: Exec Code Overflow Mem. Corr.  Published 2020-05-14  Updated 2020-05-14
      CVSS 9.3  Gained access: None  Access: Remote  Complexity: Medium  Authentication: Not required  C/I/A: Complete / Complete / Complete
      IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176269.