CyberSecurityBoard
Sponsor Register Login

CVE-2022-1440

Command Injection vulnerability in git-interface@2.1.1 in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a `--upload-pack` command-line argument feature of git is also supported for `git clone`, which would then allow for any operating system command to be spawned by the attacker.

Publication date: Fri, 22 Apr 2022 23:15:00 +0000


Cyber News related to CVE-2022-1440

CVE-2022-48919 - In the Linux kernel, the following vulnerability has been resolved: ...
6 months ago
CVE-2025-37795 - In the Linux kernel, the following vulnerability has been resolved: ...
1 month ago
CVE-2022-49738 - In the Linux kernel, the following vulnerability has been resolved: ...
2 months ago
CVE-2022-1440 - Command Injection vulnerability in git-interface@2.1.1 in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a `--upload-pack` command-line argument feature of git is also supported for `git ...
3 years ago
CVE-2019-1436 - An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1440. ...
5 years ago
CVE-2019-1440 - An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1436. ...
5 years ago
CVE-2007-1572 - SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter, a different vector than CVE-2007-1440. NOTE: the provenance of this information is unknown; ...
14 years ago
CVE-2010-1440 - Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a special command in a DVI file, related ...
2 years ago
CVE-2002-1440 - The Gateway GS-400 server has a default root password of "0001n" that can not be changed via the administrative interface, which can allow attackers to gain root privileges. ...
16 years ago
CVE-2005-1440 - Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Enterprise 2.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) various parameters to basket.php, (2) the nickname, email, topic, and message fields in ...
16 years ago
CVE-2012-1440 - The ELF file parser in Norman Antivirus 6.06.12, eSafe 7.0.17.0, CA eTrust Vet Antivirus 36.1.8511, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified ...
13 years ago
CVE-1999-1440 - Win32 ICQ 98a 1.30, and possibly other versions, does not display the entire portion of long filenames, which could allow attackers to send an executable file with a long name that contains so many spaces that the .exe extension is not displayed, ...
8 years ago
CVE-2001-1440 - Unknown vulnerability in login for AIX 5.1L, when using loadable authentication modules, allows remote attackers to gain access to the system. ...
7 years ago
CVE-2004-1440 - Multiple heap-based buffer overflows in the modpow function in PuTTY before 0.55 allow (1) remote attackers to execute arbitrary code via an SSH2 packet with a base argument that is larger than the mod argument, which causes the modpow function to ...
7 years ago
CVE-2006-1440 - BOM in Apple Mac OS X 10.3.9 and 10.4.6 allows attackers to overwrite arbitrary files via an archive that contains symbolic links. This vulnerability is addressed in the following product release: ...
7 years ago
CVE-2003-1440 - SpamProbe 0.8a allows remote attackers to cause a denial of service (crash) via HTML e-mail with newline characters within an href tag, which is not properly handled by certain regular expressions. ...
7 years ago
CVE-2009-1440 - Incomplete blacklist vulnerability in DownloadListCtrl.cpp in amule 2.2.4 allows remote attackers to conduct argument injection attacks into a command for mplayer via a crafted filename. ...
7 years ago
CVE-2016-1440 - The proxy process on Cisco Web Security Appliance (WSA) devices through 9.1.0-070 allows remote attackers to cause a denial of service (CPU consumption) by establishing an FTP session and then improperly terminating the control connection after a ...
7 years ago
CVE-2008-1440 - Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) ...
1 year ago
CVE-2007-1440 - SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 allows remote attackers to execute arbitrary SQL commands via the author parameter. ...
6 years ago
CVE-2017-11729 - A heap-based buffer over-read was found in the function OpCode (called from decompileINCR_DECR line 1440) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. ...
5 years ago
CVE-2017-1440 - IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a malicious file from a remote system, which could allow the attacker to execute ...
5 years ago
CVE-2018-1440 - IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially ...
5 years ago
CVE-2011-1440 - Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences. ...
5 years ago
CVE-2020-1440 - <p>A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data.</p> ...
1 year ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)