Vulnerabilities > Argument Injection or Modification

DATE CVE VULNERABILITY TITLE RISK
2021-02-22 CVE-2020-21224 Argument Injection OR Modification vulnerability in Inspur Clusterengine 4.0
A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0.
network
low complexity
inspur CWE-88
critical
10.0
2021-02-18 CVE-2020-28490 Argument Injection OR Modification vulnerability in Async-Git Project Async-Git
The package async-git before 1.13.2 are vulnerable to Command Injection via shell meta-characters (back-ticks).
network
low complexity
async-git-project CWE-88
7.5
2021-02-15 CVE-2021-27201 Argument Injection OR Modification vulnerability in Endian Firewall Community 3.3.2
Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in a backup comment.
network
low complexity
endian CWE-88
6.5
2021-02-09 CVE-2021-26937 Argument Injection OR Modification vulnerability in multiple products
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
network
low complexity
gnu debian CWE-88
7.5
2021-01-26 CVE-2020-35576 Argument Injection OR Modification vulnerability in Tp-Link Tl-Wr841N Firmware 3.13.9/3.16.9
A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577.
network
low complexity
tp-link CWE-88
critical
9.0
2020-12-31 CVE-2020-19664 Argument Injection OR Modification vulnerability in Draytek Vigor2960 Firmware 1.5.1
DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi.
network
low complexity
draytek CWE-88
6.5
2020-12-18 CVE-2020-25494 Argument Injection OR Modification vulnerability in Xinuos Openserver 5.0.7/6.0
Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook.
network
low complexity
xinuos CWE-88
7.5
2020-11-18 CVE-2020-28367 Argument Injection OR Modification vulnerability in multiple products
Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection.
network
high complexity
golang debian fedoraproject CWE-88
5.1
2020-11-06 CVE-2020-27129 Argument Injection OR Modification vulnerability in Cisco Sd-Wan Vmanage
A vulnerability in the remote management feature of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands and potentially gain elevated privileges.
local
low complexity
cisco CWE-88
7.2
2020-11-06 CVE-2020-5648 Argument Injection OR Modification vulnerability in Mitsubishielectric Coreos
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet.
network
low complexity
mitsubishielectric CWE-88
6.5