CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,843 vulnerabilities with CWE-74
CVE-2019-12303 HIGH
Rancher 2.0.0-2.2.3 - Authenticated Command Injection via Fluentd Configuration
CVSS 8.8
CVE-2019-6800 HIGH
TitanHQ SpamTitan >= 7.00 < 7.03 - Remote Code Execution via HTTP Spam Rule Update
CVSS 7.5
CVE-2019-3562 MEDIUM
Oculus Browser 5.2.7-5.7.11 - HTML Injection via Remote Web Page
CVSS 6.1
CVE-2019-2725 CRITICAL KEV
Oracle WebLogic Server 10.3.6.0.0 and 12.1.3.0.0 - Unauthenticated Remote Code Execution via HTTP
CVSS 9.8
CVE-2019-9900 HIGH
Envoy < 1.9.0 - HTTP Header Injection via Embedded NUL Characters
CVSS 8.3
CVE-2019-11354 HIGH
EA Origin 10.5.36 - Remote Code Execution via Origin2 URI Handler Template Injection
CVSS 7.8
CVE-2019-9614 HIGH
ofcms < 1.1.3 - Remote Code Execution via Freemarker Template Injection
CVSS 8.8
CVE-2019-8948 CRITICAL
PaperCut MF and NG < 18.3.6 - Script Injection via User Interface
CVSS 9.8
CVE-2019-1680 MEDIUM
Cisco Webex Business Suite < 3.0.9 - Unauthenticated Arbitrary Text Injection via Malicious URL
CVSS 4.3
CVE-2019-7351 MEDIUM
ZoneMinder < 1.32.3 - Code Injection
CVSS 6.5
CVE-2019-6802 MEDIUM
pypiserver < 1.2.5 - CRLF Injection via URI
CVSS 6.1
CVE-2019-3498 MEDIUM
Django 1.11.x < 1.11.18, 2.0.x < 2.0.10, 2.1.x < 2.1.5 - Content Spoofing via 404 Error Page
CVSS 6.5
CVE-2018-25106 MEDIUM
WordPress NebulaX Theme < 5.0 - SQL Injection
CVSS 6.3
CVE-2018-25016 CRITICAL
Greenbone Security Assistant < 7.0.3 and Greenbone OS < 5.0.0 - Host Header Injection
CVSS 9.8
CVE-2018-21268 CRITICAL
traceroute < 1.0.0 - Remote Command Injection via Host Parameter
CVSS 10.0
CVE-2018-21258 HIGH
Mattermost Server < 5.1.0 - Denial of Service via Invite People Slash Command
CVSS 7.5
CVE-2018-21208 HIGH
NETGEAR D6100/R6100/R7500/WNDR4300/WNDR4500 Firmware - Unauthenticated Command Injection
CVSS 8.8
CVE-2018-21228 MEDIUM
NETGEAR Multiple Models - Authenticated Command Injection
CVSS 6.8
CVE-2018-21227 MEDIUM
NETGEAR Multiple Router Models Firmware - Authenticated OS Command Injection
CVSS 6.8
CVE-2018-21123 HIGH
NETGEAR WC7500 WC7520 WC7600 < 6.5.3.9 - Unauthenticated OS Command Injection
CVSS 8.8
CVE-2018-21119 MEDIUM
NETGEAR WAC505 and WAC510 Firmware < 5.0.5.4 - Authenticated Command Injection
CVSS 6.8
CVE-2018-21114 MEDIUM
NETGEAR Multiple Devices - Authenticated OS Command Injection
CVSS 6.8
CVE-2018-21113 HIGH
NETGEAR D6100/D7800/R6100/R7500/R7800/R8900/R9000/WNDR3700/WNDR4300/WNDR4500 - Unauthenticated OS Command Injection
CVSS 8.8
CVE-2018-21112 MEDIUM
NETGEAR D7800/R7500v2/R7800/R8900/R9000 - Authenticated Command Injection
CVSS 6.8
CVE-2018-21146 MEDIUM
NETGEAR D7800/R7800/R8900/R9000/WNDR4300/WNDR4500 Firmware - Authenticated Command Injection
CVSS 6.8
Details
Vulnerabilities: 4,843
Exploit Likelihood: High