Filtered by CWE-88
Total 250 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-21384 3 Microsoft, Opengroup, Shescape Project 3 Windows, Unix, Shescape 2024-08-03 6.3 Medium
shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security Advisory. The problem has been patched in version 1.1.3. No further changes are required.
CVE-2021-3401 1 Bitcoin 1 Bitcoin 2024-08-03 9.8 Critical
Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser. NOTE: the discoverer states "I believe that this vulnerability cannot actually be exploited."
CVE-2021-3256 1 Kuaifan 1 Kuaifancms 2024-08-03 6.5 Medium
KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the html_url parameter of the chakanhtml.module.php file.
CVE-2021-3197 3 Debian, Fedoraproject, Saltstack 3 Debian Linux, Fedora, Salt 2024-08-03 9.8 Critical
An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.
CVE-2022-47926 1 Ayacms Project 1 Ayacms 2024-08-03 9.8 Critical
AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fst_del.inc.php
CVE-2022-47502 1 Apache 1 Openoffice 2024-08-03 7.8 High
Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution.
CVE-2022-45062 3 Debian, Fedoraproject, Xfce 3 Debian Linux, Fedora, Xfce4-settings 2024-08-03 9.8 Critical
In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper.
CVE-2022-44731 1 Siemens 1 Simatic Wincc Oa 2024-08-03 5.4 Medium
A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All versions < V3.15 P038), SIMATIC WinCC OA V3.16 (All versions < V3.16 P035), SIMATIC WinCC OA V3.17 (All versions < V3.17 P024), SIMATIC WinCC OA V3.18 (All versions < V3.18 P014). The affected component allows to inject custom arguments to the Ultralight Client backend application under certain circumstances. This could allow an authenticated remote attacker to inject arbitrary parameters when starting the client via the web interface (e.g., open attacker chosen panels with the attacker's credentials or start a Ctrl script).
CVE-2022-42968 1 Gitea 1 Gitea 2024-08-03 9.8 Critical
Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled.
CVE-2022-37705 1 Zmanda 1 Amanda 2024-08-03 6.7 Medium
A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported),
CVE-2022-37005 1 Huawei 3 Emui, Harmonyos, Magic Ui 2024-08-03 7.5 High
The Settings application has an argument injection vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-37027 1 Ahsay 1 Cloud Backup Suite 2024-08-03 7.2 High
Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject arbitrary Java JVM options. Administrators that can modify the Runtime Options in the web interface can inject Java Runtime Options. These take effect after a restart. For example, an attacker can enable JMX services and consequently achieve remote code execution as the system user.
CVE-2022-36322 1 Jetbrains 1 Teamcity 2024-08-03 5.4 Medium
In JetBrains TeamCity before 2022.04.2 build parameter injection was possible
CVE-2022-36069 1 Python-poetry 1 Poetry 2024-08-03 7.3 High
Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as `git clone`. These commands are constructed using user input (e.g. the repository URL). When building the commands, Poetry correctly avoids Command Injection vulnerabilities by passing an array of arguments instead of a command string. However, there is the possibility that a user input starts with a dash (`-`) and is therefore treated as an optional argument instead of a positional one. This can lead to Code Execution because some of the commands have options that can be leveraged to run arbitrary executables. If a developer is exploited, the attacker could steal credentials or persist their access. If the exploit happens on a server, the attackers could use their access to attack other internal systems. Since this vulnerability requires a fair amount of user interaction, it is not as dangerous as a remotely exploitable one. However, it still puts developers at risk when dealing with untrusted files in a way they think is safe, because the exploit still works when the victim tries to make sure nothing can happen, e.g. by vetting any Git or Poetry config files that might be present in the directory. Versions 1.1.9 and 1.2.0b1 contain patches for this issue.
CVE-2022-30284 1 Python-libnmap Project 1 Python-libnmap 2024-08-03 9 Critical
In the python-libnmap package through 0.7.2 for Python, remote command execution can occur (if used in a client application that does not validate arguments). NOTE: the vendor believes it would be unrealistic for an application to call NmapProcess with arguments taken from input data that arrived over an untrusted network, and thus the CVSS score corresponds to an unrealistic use case. None of the NmapProcess documentation implies that this is an expected use case
CVE-2022-31246 2 Electrum, Microsoft 2 Electrum, Windows 2024-08-03 5.5 Medium
paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request (e.g., within QR code data). On Windows, this can lead to capture of credentials over SMB. On Linux and UNIX, it can lead to a denial of service by specifying the /dev/zero filename.
CVE-2022-31084 2 Debian, Ldap-account-manager 2 Debian Linux, Ldap Account Manager 2024-08-03 8.1 High
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 There are cases where LAM instantiates objects from arbitrary classes. An attacker can inject the first constructor argument. This can lead to code execution if non-LAM classes are instantiated that execute code during object creation. This issue has been fixed in version 8.0.
CVE-2022-30240 1 Insightsoftware 1 Magnitude Simba Amazon Redshift Jdbc Driver 2024-08-03 7.8 High
An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift JDBC Driver 1.2.40 through 1.2.55 may allow a local user to execute code. NOTE: this is different from CVE-2022-29972.
CVE-2022-30239 1 Insightsoftware 1 Magnitude Simba Amazon Athena Jdbc Driver 2024-08-03 7.8 High
An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena JDBC Driver 2.0.25 through 2.0.28 may allow a local user to execute code. NOTE: this is different from CVE-2022-29971.
CVE-2022-29971 1 Insightsoftware 1 Magnitude Simba Amazon Athena Odbc Driver 2024-08-03 7.8 High
An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena ODBC Driver 1.1.1 through 1.1.x before 1.1.17 may allow a local user to execute arbitrary code.