CVE-2022-35975

CRITICAL Year: 2022
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-78
View all →

Vulnerability Description

The GitOps Tools Extension for VSCode can make it easier to manage Flux objects. A specially crafted Flux object may allow for remote code execution in the machine running the extension, in the context of the user that is running VSCode. Users using the VSCode extension to manage clusters that are shared amongst other users are affected by this issue. The only safe mitigation is to update to the latest version of the extension.

Related Vulnerabilities

CVE-1999-0043

CRITICAL
CVSS:9.8(Critical)

Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.

CWE-781999

CVE-2005-10003

MEDIUM
CVSS:9.8(Critical)

A vulnerability classified as critical has been found in mikexstudios Xcomic up to 0.8.2. This affects an unknown part. The manipulation of the argument cmd leads to os command injection. It is possib...

CWE-782005

CVE-2011-2195

CRITICAL
CVSS:9.8(Critical)

A flaw was found in WebSVN 2.3.2. Without prior authentication, if the 'allowDownload' option is enabled in config.php, an attacker can invoke the dl.php script and pass a well formed 'path' argument ...

CWE-782011

CVE-2011-2523

CRITICAL
CVSS:9.8(Critical)

vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.

CWE-782011

CVE-2012-5878

CRITICAL
CVSS:9.8(Critical)

Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (...

CWE-782012

CVE-2013-1599

CRITICAL
CVSS:9.8(Critical)

A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-110...

CWE-782013