Vulnerabilities > Argument Injection or Modification

DATE CVE VULNERABILITY TITLE RISK
2018-10-16 CVE-2018-11020 Argument Injection or Modification vulnerability in Amazon Fire OS 4.5.5.3
kernel/omap/drivers/rpmsg/rpmsg_omx.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device file /dev/rpmsg-omx1 with the command 3221772291, and cause a kernel crash.
local
low complexity
amazon CWE-88
4.4
2018-10-16 CVE-2018-11019 Argument Injection or Modification vulnerability in Amazon Fire OS 4.5.5.3
kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3221773726 and cause a kernel crash.
network
low complexity
amazon CWE-88
7.5
2018-10-06 CVE-2018-17456 Argument Injection or Modification vulnerability in multiple products
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.
network
low complexity
git-scm redhat canonical debian CWE-88
critical
9.8
2018-08-23 CVE-2018-3856 Argument Injection or Modification vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17.
network
low complexity
samsung CWE-88
critical
9.9
2018-07-24 CVE-2018-13386 Argument Injection or Modification vulnerability in Atlassian Sourcetree
There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories.
network
high complexity
atlassian CWE-88
8.1
2018-07-24 CVE-2018-13385 Argument Injection or Modification vulnerability in Atlassian Sourcetree
There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories.
network
low complexity
atlassian CWE-88
critical
9.8
2018-07-18 CVE-2018-0345 Argument Injection or Modification vulnerability in Cisco products
A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software.
network
low complexity
cisco CWE-88
8.8
2018-05-11 CVE-2018-10992 Argument Injection or Modification vulnerability in Lilypond 2.19.80
lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU Guile code uses the system Scheme procedure instead of the system* Scheme procedure.
network
low complexity
lilypond CWE-88
critical
9.8
2017-11-29 CVE-2017-14591 Argument Injection or Modification vulnerability in Atlassian Crucible
Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary code on a system running the impacted software.
network
high complexity
atlassian CWE-88
critical
9.0
2017-06-16 CVE-2016-1000222 Argument Injection or Modification vulnerability in Elastic Logstash
Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data.
network
low complexity
elastic CWE-88
7.5