CVE-2020-15167

HIGH Year: 2020
CVSS v3 Score
8.6
High
CVSS v2 Score
4.4
Medium
Weakness Type
CWE-94
View all →

Vulnerability Description

In Miller (command line utility) using the configuration file support introduced in version 5.9.0, it is possible for an attacker to cause Miller to run arbitrary code by placing a malicious `.mlrrc` file in the working directory. See linked GitHub Security Advisory for complete details. A fix is ready and will be released as Miller 5.9.1.

Related Vulnerabilities

CVE-2019-16645

HIGH
CVSS:8.6(High)

An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent...

CWE-942019

CVE-2020-5259

HIGH
CVSS:8.6(High)

In affected versions of dojox (NPM package), the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language con...

CWE-942020

CVE-2020-7672

HIGH
CVSS:8.6(High)

mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User input provided to `properties` argument is executed by the `eval` function, resulting in code execution.

CWE-942020

CVE-2024-21674

HIGH
CVSS:8.6(High)

This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.6 ...

CWE-942024

CVE-2024-25713

HIGH
CVSS:8.6(High)

yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. (pool_free is part of the pool series allocator, along with po...

CWE-942024

CVE-2024-4202

HIGH
CVSS:8.6(High)

In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability.

CWE-942024