Vulnerabilities > Argument Injection or Modification

DATE CVE VULNERABILITY TITLE RISK
2023-06-27 CVE-2023-34395 Argument Injection or Modification vulnerability in Apache Apache-Airflow-Providers-Odbc
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Software Foundation Apache Airflow ODBC Provider. In OdbcHook, A privilege escalation vulnerability exists in a system due to controllable ODBC driver parameters that allow the loading of arbitrary dynamic-link libraries, resulting in command execution. Starting version 4.0.0 driver can be set only from the hook constructor. This issue affects Apache Airflow ODBC Provider: before 4.0.0.
local
low complexity
apache CWE-88
7.8
2023-04-16 CVE-2022-37705 Argument Injection or Modification vulnerability in Zmanda Amanda 3.5.1
A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges.
local
low complexity
zmanda CWE-88
6.7
2023-04-04 CVE-2023-25356 Argument Injection or Modification vulnerability in Coredial Sipxcom
CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command.
network
low complexity
coredial CWE-88
8.8
2023-02-16 CVE-2022-40677 Argument Injection or Modification vulnerability in Fortinet Fortinac
A improper neutralization of argument delimiters in a command ('argument injection') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted input parameters.
network
low complexity
fortinet CWE-88
8.8
2022-12-22 CVE-2022-47926 Argument Injection or Modification vulnerability in Ayacms Project Ayacms 3.1.2
AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fst_del.inc.php
network
low complexity
ayacms-project CWE-88
critical
9.8
2022-11-23 CVE-2022-23740 Argument Injection or Modification vulnerability in Github Enterprise Server 3.7.0
CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution.
network
low complexity
github CWE-88
8.8
2022-11-09 CVE-2022-45062 Argument Injection or Modification vulnerability in multiple products
In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper.
network
low complexity
xfce debian fedoraproject CWE-88
critical
9.8
2022-10-24 CVE-2021-46850 Argument Injection or Modification vulnerability in Vestacp Control Panel and Vesta Control Panel
myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection.
network
low complexity
vestacp CWE-88
7.2
2022-10-16 CVE-2022-42968 Argument Injection or Modification vulnerability in Gitea
Gitea before 1.17.3 does not sanitize and escape refs in the git backend.
network
low complexity
gitea CWE-88
critical
9.8
2022-10-11 CVE-2022-3140 Argument Injection or Modification vulnerability in multiple products
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server.
network
low complexity
libreoffice debian fedoraproject CWE-88
6.3