Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

command injection vulnerabilities and exploits

(subscribe to this query)

9.8
CVE-2022-25168
Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local...
Apache Hadoop
8.8
CVSSv3
CVE-2017-5078
Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote attacker to perform command injection via a crafted HTML page, a similar issue to CVE-2004-0121. For example,...
Google ChromeRedhat Enterprise Linux Desktop 6.0Redhat Enterprise Linux Server 6.0Redhat Enterprise Linux Workstation 6.0
7.8
CVSSv3
CVE-2017-1000159
Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91....
Gnome Evince
9.8
CVSSv3
CVE-2017-1000469
Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user....
Cobbler Project Cobbler
9.8
CVSSv3
CVE-2017-1000487
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings....
Plexus-utils Project Plexus-utilsDebian Debian Linux 7.0Debian Debian Linux 8.0Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2020-24916
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection....
Yaws Yaws
9.8
CVSSv3
CVE-2021-26616
An OS command injection was found in SecuwaySSL, when special characters injection on execute command with runCommand arguments....
Secuwiz Secuwayssl U
9.8
CVSSv3
CVE-2019-12929
** DISPUTED ** The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been...
Qemu Qemu
8.4
CVSSv3
CVE-2019-13139
In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in...
Docker Docker
7.8
CVSSv3
CVE-2018-16741
An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by the...
Mgetty Project MgettyDebian Debian Linux 9.0Debian Debian Linux 8.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-3236CVE-2022-32781CVE-2022-32826IDORopen redirectCVE-2022-32849CVE-2022-26134CVE-2022-40667unauthorized
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook