Total
207 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43402 | 2024-09-05 | N/A | 8.1 HIGH | ||
| Rust is a programming language. The fix for CVE-2024-24576, where `std::process::Command` incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass the fix when the batch file name had trailing whitespace or periods (which are ignored and stripped by Windows). To determine whether to apply the `cmd.exe` escaping rules, the original fix for the vulnerability checked whether the command name ended with `.bat` or `.cmd`. At the time that seemed enough, as we refuse to invoke batch scripts with no file extension. Windows removes trailing whitespace and periods when parsing file paths. For example, `.bat. .` is interpreted by Windows as `.bat`, but the original fix didn't check for that. Affected users who are using Rust 1.77.2 or greater can remove the trailing whitespace (ASCII 0x20) and trailing periods (ASCII 0x2E) from the batch file name to bypass the incomplete fix and enable the mitigations. Users are affected if their code or one of their dependencies invoke a batch script on Windows with trailing whitespace or trailing periods in the name, and pass untrusted arguments to it. Rust 1.81.0 will update the standard library to apply the CVE-2024-24576 mitigations to all batch files invocations, regardless of the trailing chars in the file name. | |||||
| CVE-2024-3980 | 1 Hitachienergy | 1 Microscada X Sys600 | 2024-08-30 | N/A | 8.8 HIGH |
| The product allows user input to control or influence paths or file names that are used in filesystem operations, allowing the attacker to access or modify system files or other files that are critical to the application. | |||||
| CVE-2024-39930 | 2024-08-28 | N/A | 9.9 CRITICAL | ||
| The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated. Windows installations are unaffected. | |||||
| CVE-2024-7573 | 2024-08-28 | N/A | 5.3 MEDIUM | ||
| The Relevanssi Live Ajax Search plugin for WordPress is vulnerable to argument injection in all versions up to, and including, 2.4. This is due to insufficient validation of input supplied via POST data in the 'search' function. This makes it possible for unauthenticated attackers to inject arbitrary arguments into a WP_Query query and potentially expose sensitive information such as attachments or private posts. | |||||
| CVE-2024-3367 | 2024-08-26 | N/A | 6.5 MEDIUM | ||
| Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p26 and <2.3.0b5 allows local attacker to inject one argument to runmqsc | |||||
| CVE-2024-41710 | 2024-08-14 | N/A | 6.8 MEDIUM | ||
| A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system. | |||||
| CVE-2024-41711 | 2024-08-14 | N/A | 6.8 MEDIUM | ||
| A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an unauthenticated attacker with physical access to the phone to conduct an argument injection attack, due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system. | |||||
| CVE-2024-22182 | 2024-08-12 | N/A | 8.6 HIGH | ||
| A remote, unauthenticated attacker may be able to send crafted messages to the web server of the Commend WS203VICM causing the system to restart, interrupting service. | |||||
| CVE-2022-30284 | 1 Python-libnmap Project | 1 Python-libnmap | 2024-08-03 | 7.5 HIGH | 9.8 CRITICAL |
| In the python-libnmap package through 0.7.2 for Python, remote command execution can occur (if used in a client application that does not validate arguments). NOTE: the vendor believes it would be unrealistic for an application to call NmapProcess with arguments taken from input data that arrived over an untrusted network, and thus the CVSS score corresponds to an unrealistic use case. None of the NmapProcess documentation implies that this is an expected use case | |||||
| CVE-2024-39933 | 2024-07-12 | N/A | 7.7 HIGH | ||
| Gogs through 0.13.0 allows argument injection during the tagging of a new release. | |||||
| CVE-2024-31966 | 2024-07-03 | N/A | 6.2 MEDIUM | ||
| A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker with administrative privilege to conduct an argument injection attack due to insufficient parameter sanitization. A successful exploit could allow an attacker to access sensitive information, modify system configuration or execute arbitrary commands. | |||||
| CVE-2024-35307 | 2024-06-10 | N/A | N/A | ||
| Argument Injection Leading to Remote Code Execution in Realtime Graph Extension, allowing unauthenticated attackers to execute arbitrary code on the server. This issue affects Pandora FMS: from 700 through <777. | |||||
| CVE-2024-2422 | 2024-05-30 | N/A | N/A | ||
| LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands. | |||||
| CVE-2023-44452 | 2024-05-03 | N/A | 7.8 HIGH | ||
| Linux Mint Xreader CBT File Parsing Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CBT files. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22132. | |||||
| CVE-2023-50232 | 2024-05-03 | N/A | 8.8 HIGH | ||
| Inductive Automation Ignition getParams Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The specific flaw exists within the getParams method. The issue results from the lack of proper validation of a user-supplied string before using it to prepare an argument for a system call. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22028. | |||||
| CVE-2024-32462 | 2024-05-01 | N/A | 8.4 HIGH | ||
| Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It's possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6. | |||||
| CVE-2024-24576 | 2024-05-01 | N/A | 10.0 CRITICAL | ||
| Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on Windows using the `Command`. An attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands by bypassing the escaping. The severity of this vulnerability is critical for those who invoke batch files on Windows with untrusted arguments. No other platform or use is affected. The `Command::arg` and `Command::args` APIs state in their documentation that the arguments will be passed to the spawned process as-is, regardless of the content of the arguments, and will not be evaluated by a shell. This means it should be safe to pass untrusted input as an argument. On Windows, the implementation of this is more complex than other platforms, because the Windows API only provides a single string containing all the arguments to the spawned process, and it's up to the spawned process to split them. Most programs use the standard C run-time argv, which in practice results in a mostly consistent way arguments are splitted. One exception though is `cmd.exe` (used among other things to execute batch files), which has its own argument splitting logic. That forces the standard library to implement custom escaping for arguments passed to batch files. Unfortunately it was reported that our escaping logic was not thorough enough, and it was possible to pass malicious arguments that would result in arbitrary shell execution. Due to the complexity of `cmd.exe`, we didn't identify a solution that would correctly escape arguments in all cases. To maintain our API guarantees, we improved the robustness of the escaping code, and changed the `Command` API to return an `InvalidInput` error when it cannot safely escape an argument. This error will be emitted when spawning the process. The fix is included in Rust 1.77.2. Note that the new escaping logic for batch files errs on the conservative side, and could reject valid arguments. Those who implement the escaping themselves or only handle trusted inputs on Windows can also use the `CommandExt::raw_arg` method to bypass the standard library's escaping logic. | |||||
| CVE-2024-32884 | 2024-04-26 | N/A | 6.4 MEDIUM | ||
| gitoxide is a pure Rust implementation of Git. `gix-transport` does not check the username part of a URL for text that the external `ssh` program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clone URL is used by an application whose current working directory contains a malicious file, arbitrary code execution occurs. This is related to the patched vulnerability GHSA-rrjw-j4m2-mf34, but appears less severe due to a greater attack complexity. This issue has been patched in versions 0.35.0, 0.42.0 and 0.62.0. | |||||
| CVE-2024-3684 | 2024-04-19 | N/A | 8.0 HIGH | ||
| A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin access to the appliance when configuring the Artifacts & Logs and Migrations Storage. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.12.2, 3.11.8, 3.10.10, and 3.9.13. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2024-3817 | 2024-04-18 | N/A | 9.8 CRITICAL | ||
| HashiCorp’s go-getter library is vulnerable to argument injection when executing Git to discover remote branches. This vulnerability does not affect the go-getter/v2 branch and package. | |||||