Vulnerabilities (CVE)

Filtered by CWE-88
Total 217 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-43736 1 Cmswing 1 Cmswing 2024-11-21 7.5 HIGH 9.8 CRITICAL
CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule
CVE-2021-41316 1 Device42 1 Device42 2024-11-21 8.5 HIGH 8.1 HIGH
The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility. An attacker (with permissions to add or edit jobs run by this utility) can inject an extra argument to overwrite arbitrary files as the root user on the Remote Collector.
CVE-2021-3540 1 Ivanti 1 Mobileiron 2024-11-21 9.0 HIGH 6.5 MEDIUM
By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0.
CVE-2021-3401 1 Bitcoin 1 Bitcoin 2024-11-21 7.5 HIGH 9.8 CRITICAL
Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser. NOTE: the discoverer states "I believe that this vulnerability cannot actually be exploited."
CVE-2021-3256 1 Kuaifan 1 Kuaifancms 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the html_url parameter of the chakanhtml.module.php file.
CVE-2021-3045 1 Paloaltonetworks 1 Pan-os 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10. PAN-OS 10.0 and later versions are not impacted.
CVE-2021-38112 1 Amazon 1 Aws Workspaces 2024-11-21 9.3 HIGH 8.8 HIGH
In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework (CEF) --gpu-launcher argument. This is fixed in 3.1.9.
CVE-2021-37040 1 Huawei 3 Emui, Harmonyos, Magic Ui 2024-11-21 6.8 MEDIUM 9.8 CRITICAL
There is a Parameter injection vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause privilege escalation of files after CIFS share mounting.
CVE-2021-36122 1 Echobh 1 Sharecare 2024-11-21 6.5 MEDIUM 8.8 HIGH
An issue was discovered in Echo ShareCare 8.15.5. The UnzipFile feature in Access/EligFeedParse_Sup/UnzipFile_Upd.cfm is susceptible to a command argument injection vulnerability when processing remote input in the zippass parameter from an authenticated user, leading to the ability to inject arbitrary arguments to 7z.exe.
CVE-2021-34816 1 Etherpad 1 Etherpad 2024-11-21 6.5 MEDIUM 7.2 HIGH
An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source.
CVE-2021-34718 1 Cisco 36 Asr 9000v-v2, Asr 9001, Asr 9006 and 33 more 2024-11-21 8.5 HIGH 8.1 HIGH
A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method. An attacker with lower-level privileges could exploit this vulnerability by specifying Secure Copy Protocol (SCP) parameters when authenticating to a device. A successful exploit could allow the attacker to elevate their privileges and retrieve and upload files on a device that they should not have access to.
CVE-2021-33564 1 Dragonfly Project 1 Dragonfly 2024-11-21 6.8 MEDIUM 9.8 CRITICAL
An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishandle use of the ImageMagick convert utility.
CVE-2021-33473 1 Dragonfly Project 1 Dragonfly 2024-11-21 4.9 MEDIUM 9.1 CRITICAL
An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL.
CVE-2021-31909 1 Jetbrains 1 Teamcity 2024-11-21 7.5 HIGH 9.8 CRITICAL
In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible.
CVE-2021-29472 3 Debian, Fedoraproject, Getcomposer 3 Debian Linux, Fedora, Composer 2024-11-21 6.5 MEDIUM 8.8 HIGH
Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system. The impact to Composer users directly is limited as the composer.json file is typically under their own control and source download URLs can only be supplied by third party Composer repositories they explicitly trust to download and execute source code from, e.g. Composer plugins. The main impact is to services passing user input to Composer, including Packagist.org and Private Packagist. This allowed users to trigger remote code execution. The vulnerability has been patched on Packagist.org and Private Packagist within 12h of receiving the initial vulnerability report and based on a review of logs, to the best of our knowledge, was not abused by anyone. Other services/tools using VcsRepository/VcsDriver or derivatives may also be vulnerable and should upgrade their composer/composer dependency immediately. Versions 1.10.22 and 2.0.13 include patches for this issue.
CVE-2021-29461 1 Demon1a 1 Discord-recon 2024-11-21 9.0 HIGH 8.1 HIGH
Discord Recon Server is a bot that allows one to do one's reconnaissance process from one's Discord. A vulnerability in Discord Recon Server prior to 0.0.3 could be exploited to read internal files from the system and write files into the system resulting in remote code execution. This issue has been fixed in version 0.0.3. As a workaround, one may copy the code from `assets/CommandInjection.py` in the Discord Recon Server code repository and overwrite vulnerable code from one's own Discord Recon Server implementation with code that contains the patch.
CVE-2021-26937 3 Debian, Fedoraproject, Gnu 3 Debian Linux, Fedora, Screen 2024-11-21 7.5 HIGH 9.8 CRITICAL
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
CVE-2021-24030 1 Facebook 1 Gameroom 2024-11-21 7.5 HIGH 9.8 CRITICAL
The fbgames protocol handler registered as part of Facebook Gameroom does not properly quote arguments passed to the executable. That allows a malicious URL to cause code execution. This issue affects versions prior to v1.26.0.
CVE-2021-21814 1 Att 1 Xmill 2024-11-21 4.6 MEDIUM 7.8 HIGH
Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strlen to determine the ending location of the char* passed in by the user, no checks are done to see if the passed in char* is longer than the staticly sized buffer data is memcpy‘d into, but after the memcpy a null byte is written to what is assumed to be the end of the buffer to terminate the char*, but without length checks, this null write occurs at an arbitrary offset from the buffer. An attacker can provide malicious input to trigger this vulnerability.
CVE-2021-21386 1 Apkleaks Project 1 Apkleaks 2024-11-21 10.0 HIGH 9.3 CRITICAL
APKLeaks is an open-source project for scanning APK file for URIs, endpoints & secrets. APKLeaks prior to v2.0.3 allows remote attackers to execute arbitrary OS commands via package name inside application manifest. An attacker could include arguments that allow unintended commands or code to be executed, allow sensitive data to be read or modified or could cause other unintended behavior through malicious package name. The problem is fixed in version v2.0.6-dev and above.