Vulnerabilities > Argument Injection or Modification
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-10 | CVE-2020-25268 | Argument Injection or Modification vulnerability in Ilias 6.4.0 Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data. | 8.8 |
| 2020-11-06 | CVE-2020-27129 | Argument Injection or Modification vulnerability in Cisco Sd-Wan Vmanage A vulnerability in the remote management feature of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands and potentially gain elevated privileges. | 6.7 |
| 2020-11-06 | CVE-2020-5648 | Argument Injection or Modification vulnerability in Mitsubishielectric Coreos 05.65.00.Bd Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet. | 9.8 |
| 2020-11-02 | CVE-2020-5657 | Argument Injection or Modification vulnerability in Mitsubishielectric products Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet. | 6.5 |
| 2020-10-27 | CVE-2020-15238 | Argument Injection or Modification vulnerability in multiple products Blueman is a GTK+ Bluetooth Manager. | 7.0 |
| 2020-10-20 | CVE-2020-5792 | Argument Injection or Modification vulnerability in Nagios XI 5.7.3 Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user. | 7.2 |
| 2020-09-22 | CVE-2020-14027 | Argument Injection or Modification vulnerability in Ozeki NG SMS Gateway An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. | 5.3 |
| 2020-08-31 | CVE-2020-4492 | Argument Injection or Modification vulnerability in IBM Spectrum Scale IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2.3.21 could allow a local attacker to cause a denial of service crashing the kernel by sending a subset of ioctls on the device with invalid arguments. | 5.5 |
| 2020-08-14 | CVE-2020-15692 | Argument Injection or Modification vulnerability in Nim-Lang NIM In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. | 9.8 |
| 2020-08-11 | CVE-2020-17367 | Argument Injection or Modification vulnerability in multiple products Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection. | 7.8 |