Vulnerabilities > Argument Injection or Modification

DATE CVE VULNERABILITY TITLE RISK
2023-09-25 CVE-2023-0633 Argument Injection or Modification vulnerability in Docker Desktop
In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).This issue affects Docker Desktop: before 4.12.0.
local
low complexity
docker CWE-88
7.8
2023-09-19 CVE-2023-26143 Argument Injection or Modification vulnerability in Blamer Project Blamer
Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile() API.
network
low complexity
blamer-project CWE-88
critical
9.1
2023-08-25 CVE-2023-39287 Argument Injection or Modification vulnerability in Mitel Mivoice Connect
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization.
network
low complexity
mitel CWE-88
5.5
2023-08-25 CVE-2023-39288 Argument Injection or Modification vulnerability in Mitel Mivoice Connect
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization.
network
low complexity
mitel CWE-88
5.5
2023-08-16 CVE-2023-20224 Argument Injection or Modification vulnerability in Cisco Thousandeyes Enterprise Agent
A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to insufficient input validation of user-supplied CLI arguments.
local
low complexity
cisco CWE-88
7.8
2023-08-04 CVE-2023-33376 Argument Injection or Modification vulnerability in Connectedio Connected IO
Connected IO v2.1.0 and prior has an argument injection vulnerability in its iptables command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices.
network
low complexity
connectedio CWE-88
critical
9.8
2023-08-04 CVE-2023-33378 Argument Injection or Modification vulnerability in Connectedio Connected IO
Connected IO v2.1.0 and prior has an argument injection vulnerability in its AT command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices.
network
low complexity
connectedio CWE-88
critical
9.8
2023-07-26 CVE-2023-30577 Argument Injection or Modification vulnerability in Zmanda Amanda
AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705.
local
low complexity
zmanda CWE-88
7.8
2023-06-27 CVE-2023-34395 Argument Injection or Modification vulnerability in Apache Apache-Airflow-Providers-Odbc
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Software Foundation Apache Airflow ODBC Provider. In OdbcHook, A privilege escalation vulnerability exists in a system due to controllable ODBC driver parameters that allow the loading of arbitrary dynamic-link libraries, resulting in command execution. Starting version 4.0.0 driver can be set only from the hook constructor. This issue affects Apache Airflow ODBC Provider: before 4.0.0.
local
low complexity
apache CWE-88
7.8
2023-04-16 CVE-2022-37705 Argument Injection or Modification vulnerability in Zmanda Amanda 3.5.1
A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges.
local
low complexity
zmanda CWE-88
6.7