CVE-2024-3775

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-88
View all →

Vulnerability Description

aEnrich Technology a+HRD's functionality for downloading files using youtube-dl.exe does not properly restrict user input. This allows attackers to pass arbitrary arguments to youtube-dl.exe, leading to the download of partial unauthorized files.

Related Vulnerabilities

CVE-2016-1000222

HIGH
CVSS:7.5(High)

Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data.

CWE-882016

CVE-2018-11019

HIGH
CVSS:7.5(High)

kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /...

CWE-882018

CVE-2018-11021

HIGH
CVSS:7.5(High)

kernel/omap/drivers/video/omap2/dsscomp/device.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on dev...

CWE-882018

CVE-2018-11022

HIGH
CVSS:7.5(High)

kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /...

CWE-882018

CVE-2018-11023

HIGH
CVSS:7.5(High)

kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device ...

CWE-882018

CVE-2018-11024

HIGH
CVSS:7.5(High)

kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device ...

CWE-882018