Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-117

CWE-117

Medium likelihood

Improper Output Neutralization for Logs

Parent: CWE-116 - Improper Encoding or Escaping of Output

The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file.

98 vulnerabilities with CWE-117

CVE-2024-23194 LOW

Gallagher Command Centre <9.10.1268 - Info Disclosure

CVE-2024-0095 CRITICAL

NVIDIA Triton Inference Server 20.10-24.05 - Log Injection and Remote Code Execution

CVE-2024-31845 MEDIUM

Italtel Embrace 1.6.4 - Info Disclosure

CVE-2024-25047 HIGH

IBM Cognos Analytics <12.0.2 - Code Injection

CVE-2024-1681 MEDIUM

flask-cors < 4.0.1 - Log Injection via CRLF Sequence in Request Path

CVE-2024-32474 HIGH

Sentry 24.3.0-24.4.1 - Cleartext Password Exposure in Superuser Authentication Logs

CVE-2024-29022 HIGH

Xibo CMS 1.8.0-3.3.9 and 4.0.0-4.0.8 - Stored Cross-Site Scripting via Request Headers

CVE-2024-22356 MEDIUM

IBM App Connect Enterprise <12.0.9.0 - Info Disclosure

CVE-2024-0690 MEDIUM

ansible-core < 2.14.14 - Information Disclosure via ANSIBLE_NO_LOG Bypass

CVE-2024-0987 MEDIUM

Sichuan Yougou Technology KuERP <1.0.4 - Info Disclosure

CVE-2024-22229 LOW

Dell Unity Operating Environment - Authenticated Log Spoofing via Improper Output Encoding

CVE-2023-28952 MEDIUM

IBM Cognos Controller <11.0.0 - Command Injection

CVE-2023-39461 MEDIUM

Triangle MicroWorks SCADA Data Gateway - Code Injection

CVE-2023-6484 MEDIUM

Keycloak < 22.0.9 - Log Injection via WebAuthn Authentication Form

CVE-2023-38020 MEDIUM

IBM SOAR QRadar Plugin App <5.0.3 - Info Disclosure

CVE-2023-7234 MEDIUM

OPCUAServerToolkit - Info Disclosure

CVE-2023-46713 MEDIUM

Fortinet FortiWeb <7.4.0 - Info Disclosure

CVE-2023-6002 MEDIUM

YugabyteDB 2.14.0.0-2.14.13.9 - Cross-Site Scripting via Log Injection

CVE-2023-46322 CRITICAL

iTerm2 < 3.5.0beta12 - OS Command Injection via SSH URL Hostname

CVE-2023-46321 CRITICAL

iTerm2 <3.5.0beta12 - Path Traversal

CVE-2023-4065 MEDIUM

Red Hat AMQ Broker Operator - Info Disclosure

CVE-2023-4571 HIGH

Splunk IT Service Intelligence <4.13.3, 4.15.3, 4.17.1 - Code Injec...

CVE-2023-3997 HIGH

Splunk SOAR <6.1.0 - Code Injection

CVE-2023-37275 LOW

Auto-GPT < 0.4.3 - ANSI Escape Sequence Injection via JSON Decoding

CVE-2023-36924 MEDIUM

SAP ERP Defense Forces and Public Security - Authenticated Privileg...

Previous Page 3 of 4 Next

Details

Vulnerabilities 98

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy