Vulnerabilities > Argument Injection or Modification
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-25 | CVE-2023-39288 | Argument Injection or Modification vulnerability in Mitel Mivoice Connect A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. | 5.5 |
| 2023-08-16 | CVE-2023-20224 | Argument Injection or Modification vulnerability in Cisco Thousandeyes Enterprise Agent A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to insufficient input validation of user-supplied CLI arguments. | 7.8 |
| 2023-08-04 | CVE-2023-33376 | Argument Injection or Modification vulnerability in Connectedio Connected IO Connected IO v2.1.0 and prior has an argument injection vulnerability in its iptables command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices. | 9.8 |
| 2023-08-04 | CVE-2023-33378 | Argument Injection or Modification vulnerability in Connectedio Connected IO Connected IO v2.1.0 and prior has an argument injection vulnerability in its AT command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices. | 9.8 |
| 2023-07-26 | CVE-2023-30577 | Argument Injection or Modification vulnerability in Zmanda Amanda AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705. | 7.8 |
| 2023-06-27 | CVE-2023-34395 | Argument Injection or Modification vulnerability in Apache Apache-Airflow-Providers-Odbc Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Software Foundation Apache Airflow ODBC Provider. In OdbcHook, A privilege escalation vulnerability exists in a system due to controllable ODBC driver parameters that allow the loading of arbitrary dynamic-link libraries, resulting in command execution. Starting version 4.0.0 driver can be set only from the hook constructor. This issue affects Apache Airflow ODBC Provider: before 4.0.0. | 7.8 |
| 2023-04-16 | CVE-2022-37705 | Argument Injection or Modification vulnerability in Zmanda Amanda 3.5.1 A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. | 6.7 |
| 2023-03-24 | CVE-2022-47502 | Argument Injection or Modification vulnerability in Apache Openoffice Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. | 7.8 |
| 2023-02-16 | CVE-2022-40677 | Argument Injection or Modification vulnerability in Fortinet Fortinac A improper neutralization of argument delimiters in a command ('argument injection') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted input parameters. | 8.8 |
| 2022-12-22 | CVE-2022-47926 | Argument Injection or Modification vulnerability in Ayacms Project Ayacms 3.1.2 AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fst_del.inc.php | 9.8 |