Total
207 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-26310 | 1 Oppo | 2 Coloros, Find X3 | 2023-08-14 | 9.8 Critical |
| There is a command injection problem in the old version of the mobile phone backup app. | ||||
| CVE-2023-33376 | 1 Connectedio | 1 Connected Io | 2023-08-08 | 9.8 Critical |
| Connected IO v2.1.0 and prior has an argument injection vulnerability in its iptables command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices. | ||||
| CVE-2023-33378 | 1 Connectedio | 1 Connected Io | 2023-08-08 | 9.8 Critical |
| Connected IO v2.1.0 and prior has an argument injection vulnerability in its AT command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices. | ||||
| CVE-2021-46850 | 1 Vestacp | 2 Control Panel, Vesta Control Panel | 2023-08-08 | 7.2 High |
| myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST requests to the /edit/server endpoint. | ||||
| CVE-2022-24953 | 1 Pear | 1 Crypt Gpg | 2023-08-08 | 5.3 Medium |
| The Crypt_GPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions. | ||||
| CVE-2022-21187 | 1 Libvcs Project | 1 Libvcs | 2023-08-08 | 9.8 Critical |
| The package libvcs before 0.11.1 are vulnerable to Command Injection via argument injection. When calling the update_repo function (when using hg), the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution. | ||||
| CVE-2022-25900 | 1 Git-clone Project | 1 Git-clone | 2023-08-08 | 9.8 Critical |
| All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git. | ||||
| CVE-2022-25865 | 1 Microsoft | 1 Workspace-tools | 2023-08-08 | 9.8 Critical |
| The package workspace-tools before 0.18.4 are vulnerable to Command Injection via git argument injection. When calling the fetchRemoteBranch(remote: string, remoteBranch: string, cwd: string) function, both the remote and remoteBranch parameters are passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection. | ||||
| CVE-2022-24437 | 1 Git-pull-or-clone Project | 1 Git-pull-or-clone | 2023-08-08 | 9.8 Critical |
| The package git-pull-or-clone before 2.0.2 are vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn(). However, the outpath parameter passed to it may be a command-line argument to the git clone command and result in arbitrary command injection. | ||||
| CVE-2022-25866 | 1 Git-php Project | 1 Git-php | 2023-08-08 | 9.8 Critical |
| The package czproject/git-php before 4.0.3 are vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection. | ||||
| CVE-2022-25766 | 1 Ungit Project | 1 Ungit | 2023-08-08 | 8.8 High |
| The package ungit before 1.5.20 are vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User controlled values (remote and ref) are passed to the git fetch command. By injecting some git options it was possible to get arbitrary command execution. | ||||
| CVE-2022-24376 | 1 Git-promise Project | 1 Git-promise | 2023-08-08 | 9.8 Critical |
| All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior [vulnerability](https://security.snyk.io/vuln/SNYK-JS-GITPROMISE-567476) in this package. **Note:** Please note that the vulnerability will not be fixed. The README file was updated with a warning regarding this issue. | ||||
| CVE-2022-24433 | 1 Simple-git Project | 1 Simple-git | 2023-08-08 | 9.8 Critical |
| The package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary command execution. | ||||
| CVE-2022-24066 | 1 Simple-git Project | 1 Simple-git | 2023-08-08 | 9.8 Critical |
| The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of [CVE-2022-24433](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2421199) which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover. | ||||
| CVE-2022-37027 | 1 Ahsay | 1 Cloud Backup Suite | 2023-08-08 | 7.2 High |
| Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject arbitrary Java JVM options. Administrators that can modify the Runtime Options in the web interface can inject Java Runtime Options. These take effect after a restart. For example, an attacker can enable JMX services and consequently achieve remote code execution as the system user. | ||||
| CVE-2023-34395 | 1 Apache | 1 Apache-airflow-providers-odbc | 2023-07-06 | 7.8 High |
| Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Software Foundation Apache Airflow ODBC Provider. In OdbcHook, A privilege escalation vulnerability exists in a system due to controllable ODBC driver parameters that allow the loading of arbitrary dynamic-link libraries, resulting in command execution. Starting version 4.0.0 driver can be set only from the hook constructor. This issue affects Apache Airflow ODBC Provider: before 4.0.0. | ||||
| CVE-2020-7808 | 2 Microsoft, Raonwiz | 4 Windows 10, Windows 7, Windows 8 and 1 more | 2023-05-08 | 9.8 Critical |
| In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processing without integrity check on update module(web.js) allows an attacker to modify arguments which causes downloading a random DLL and injection on it. | ||||
| CVE-2019-1779 | 1 Cisco | 90 Firepower 4110, Firepower 4112, Firepower 4115 and 87 more | 2023-04-20 | 6.7 Medium |
| A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid device credentials to exploit this vulnerability. | ||||
| CVE-2019-1780 | 1 Cisco | 92 Firepower 4110, Firepower 4115, Firepower 4120 and 89 more | 2023-04-20 | 6.7 Medium |
| A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. NX-OS versions prior to 8.3(1) are affected. NX-OS versions prior to 8.3(1) are affected. | ||||
| CVE-2019-1795 | 1 Cisco | 144 7000 10-slot, 7000 18-slot, 7000 4-slot and 141 more | 2023-04-20 | 6.7 Medium |
| A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. | ||||