• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-78

CVE-2020-1734

February 26, 2023 by

A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.

CVE-2020-17352

February 26, 2023 by

Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code.

CVE-2020-17363

February 26, 2023 by

USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module. NOTE: this may overlap CVE-2020-25069.

CVE-2020-17368

February 26, 2023 by

Firejail through 0.9.62 mishandles shell metacharacters during use of the –output or –output-stderr option, which may lead to command injection.

CVE-2020-17010

February 26, 2023 by

Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17038.

CVE-2020-16846

February 26, 2023 by

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 121
  • Go to page 122
  • Go to page 123
  • Go to page 124
  • Go to page 125
  • Interim pages omitted …
  • Go to page 342
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE