Search Results (10206 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-35476 | 1 Opentsdb | 1 Opentsdb | 2024-11-21 | 9.8 Critical |
| A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. (tsd/GraphHandler.java attempted to prevent command injections by blocking backticks but this is insufficient.) | ||||
| CVE-2020-35370 | 1 Raysync | 1 Raysync | 2024-11-21 | 8.8 High |
| An RCE vulnerability exists in Raysync below 3.3.3.8. An unauthenticated, unauthorized attacker who sends a specifically crafted request to override the specific file on the server with malicious content can log in as "admin" and then modify a specific shell file to achieve remote code execution (RCE) on the hosting server. | ||||
| CVE-2020-35339 | 1 74cms | 1 74cms | 2024-11-21 | 9.8 Critical |
| In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server permissions and control the server. | ||||
| CVE-2020-35314 | 1 Wondercms | 1 Wondercms | 2024-11-21 | 9.8 Critical |
| A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3 allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer. | ||||
| CVE-2020-35235 | 1 Themexa | 1 Secure File Manager | 2024-11-21 | 8.8 High |
| vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2020-35136 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2024-11-21 | 7.2 High |
| Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has access to the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilename_template parameter to admin/tools/dolibarr_export.php. | ||||
| CVE-2020-2211 | 1 Jenkins | 1 Kubernetes Ci | 2024-11-21 | 8.8 High |
| Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2189 | 1 Jenkins | 1 Source Code Management Filter Jervis | 2024-11-21 | 8.8 High |
| Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2180 | 1 Jenkins | 1 Amazon Web Services Serverless Application Model | 2024-11-21 | 8.8 High |
| Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2179 | 1 Jenkins | 1 Yaml Axis | 2024-11-21 | 8.8 High |
| Jenkins Yaml Axis Plugin 0.2.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2168 | 1 Jenkins | 1 Azure Container Service | 2024-11-21 | 8.8 High |
| Jenkins Azure Container Service Plugin 1.0.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2167 | 2 Jenkins, Redhat | 2 Openshift Pipeline, Openshift | 2024-11-21 | 8.8 High |
| Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2166 | 1 Jenkins | 1 Pipeline\ | 2024-11-21 | 8.8 High |
| Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2158 | 1 Jenkins | 1 Literate | 2024-11-21 | 8.8 High |
| Jenkins Literate Plugin 1.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2123 | 1 Jenkins | 1 Radargun | 2024-11-21 | 8.8 High |
| Jenkins RadarGun Plugin 1.7 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2121 | 1 Jenkins | 1 Google Kubernetes Engine | 2024-11-21 | 8.8 High |
| Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-29279 | 1 74cms | 1 74cms | 2024-11-21 | 9.8 Critical |
| PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution. | ||||
| CVE-2020-28926 | 2 Debian, Readymedia Project | 2 Debian Linux, Readymedia | 2024-11-21 | 9.8 Critical |
| ReadyMedia (aka MiniDLNA) before version 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove. | ||||
| CVE-2020-28871 | 1 Monitorr | 1 Monitorr | 2024-11-21 | 9.8 Critical |
| Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload. | ||||
| CVE-2020-28695 | 1 Askey | 2 Rtf3505vw-n1 Br Sv G000 R3505vwn1001 S32 7, Rtf3505vw-n1 Br Sv G000 R3505vwn1001 S32 7 Firmware | 2024-11-21 | 8.8 High |
| Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices allow Remote Code Execution and retrieval of admin credentials to log into the Dashboard or login via SSH, leading to code execution as root. | ||||