CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,837 vulnerabilities with CWE-74
CVE-2020-28246 CRITICAL
Form.io 2.0.0 - Authenticated Server-Side Template Injection via Email Template Deletion
CVSS 9.8
CVE-2020-12965 HIGH
AMD Ryzen PRO Firmware - Data Leakage via Non-Canonical Address Handling
CVSS 7.5
CVE-2020-35213 HIGH
Atomix 3.1.5 - Denial of Service via False Link Event Messages
CVSS 8.1
CVE-2020-23050 HIGH
TAO Open Source Assessment Platform <3.3.0 RC02 - XSS
CVSS 8.0
CVE-2020-18875 HIGH
dotcms < 5.1.0 - Remote Privilege Escalation via VTL File Client Configuration Injection
CVSS 8.8
CVE-2020-23148 HIGH
rconfig 3.9.5 - LDAP Injection via userLogin Parameter
CVSS 7.5
CVE-2020-24826 MEDIUM
Libelfin v0.3 - Denial of Service via Crafted ELF File in elf::section::as_strtab
CVSS 5.5
CVE-2020-24825 MEDIUM
libelfin v0.3 - Denial of Service via Crafted ELF File
CVSS 5.5
CVE-2020-24823 MEDIUM
Libelfin v0.3 - Denial of Service via Crafted ELF File
CVSS 5.5
CVE-2020-24822 MEDIUM
libelfin v0.3 - Denial of Service via Crafted ELF File
CVSS 5.5
CVE-2020-24821 MEDIUM
libelfin v0.3 - Denial of Service via Crafted ELF File in dwarf::cursor::skip_form
CVSS 5.5
CVE-2020-5323 MEDIUM
Dell EMC OpenManage Enterprise < 3.2 & OpenManage Enterprise-Modular < 1.10.00 - XXE Injection
CVSS 5.4
CVE-2020-27212 HIGH
STMicroelectronics STM32L4 - Privilege Escalation
CVSS 7.0
CVE-2020-26142 MEDIUM
OpenBSD 6.6 - Network Packet Injection via Fragmented Frame Handling
CVSS 5.3
CVE-2020-36308 MEDIUM
Redmine < 4.0.7 and 4.1.x < 4.1.1 - Information Disclosure via CSV Export
CVSS 5.3
CVE-2020-7464 MEDIUM
FreeBSD Packet Injection via ure(4) Driver
CVSS 5.3
CVE-2020-36144 MEDIUM
Redash 8.0.0 - LDAP Injection via Username Search Filter
CVSS 5.3
CVE-2020-4851 MEDIUM
IBM Spectrum Scale 5.0.0-5.0.5.5 and 5.1.0-5.1.0.2 - Log Poisoning via Local User Input
CVSS 5.5
CVE-2020-14987 HIGH
Bloomreach Experience Manager <14.2.2 - RCE
CVSS 7.2
CVE-2020-12873 HIGH
Alfresco ECM <6.2.1 - Code Injection
CVSS 8.8
CVE-2020-35564 HIGH
MB CONNECT LINE mbconnect24 and mymbconnect24 < 2.6.2 - Remote Code Execution via Outdated Component
CVSS 7.5
CVE-2020-35775 CRITICAL
CITSmart < 9.1.2.23 - LDAP Injection
CVSS 9.8
CVE-2020-15690 CRITICAL
nim < 1.2.6 - CRLF Injection in asyncftpclient
CVSS 9.8
CVE-2020-26298 MEDIUM
Redcarpet < 3.5.1 - Cross-Site Scripting via Quote Processing
CVSS 6.8
CVE-2020-5019 MEDIUM
IBM Spectrum Protect Plus 10.1.0-10.1.6 - HTTP Header Injection via HOST Header
CVSS 6.5
Details
Vulnerabilities 4,837
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits