CWE-74

Exploit likelihood: High

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,843 vulnerabilities with CWE-74
CVE-2017-15313 HIGH
Huawei SmartCare V200R003C10 - Authenticated CSV Injection
CVSS 8.8
CVE-2017-16766 MEDIUM
Synology DSM <6.1.4-15217, <6.0.3-8754-6 - XSS
CVSS 6.5
CVE-2017-17790 CRITICAL
Ruby < 2.4.3 - Command Injection via Resolv::Hosts::new Argument
CVSS 9.8
CVE-2017-17535 HIGH
gjots2 2.4.1 - Argument Injection via BROWSER Environment Variable
CVSS 8.8
CVE-2017-17534 HIGH
Mensis 0.0.080507 - Argument Injection via BROWSER Environment Variable
CVSS 8.8
CVE-2017-17533 HIGH
Tkabber 1.1 - Argument Injection via BROWSER Environment Variable
CVSS 8.8
CVE-2017-17532 HIGH
Kiwi 1.9.22 - Command Injection via BROWSER Environment Variable
CVSS 8.8
CVE-2017-17531 HIGH
GNU GLOBAL - Argument Injection via BROWSER Environment Variable
CVSS 8.8
CVE-2017-17530 HIGH
Geomview 1.9.5 - Argument Injection via BROWSER Environment Variable
CVSS 8.8
CVE-2017-17529 HIGH
AbiWord 3.0.2-2 - Command Injection via BROWSER Environment Variable
CVSS 8.8
CVE-2017-17528 HIGH
ScummVM 1.9.0 - Argument Injection via BROWSER Environment Variable
CVSS 8.8
CVE-2017-17527 HIGH
PasDoc 0.14 - Argument Injection via BROWSER Environment Variable
CVSS 8.8
CVE-2017-17526 HIGH
Giac 1.2.3.57 - Argument Injection via BROWSER Environment Variable
CVSS 8.8
CVE-2017-17525 HIGH
xTuple PostBooks 4.7.0 - Argument Injection via BROWSER Environment Variable
CVSS 8.8
CVE-2017-17524 HIGH
SWI-Prolog 7.2.3 - Command Injection via BROWSER Environment Variable
CVSS 8.8
CVE-2017-17522 HIGH
Python < 3.6.3 - Argument Injection via BROWSER Environment Variable
CVSS 8.8
CVE-2017-17521 HIGH
FontForge < 20170731 - Argument Injection via BROWSER Environment Variable
CVSS 8.8
CVE-2017-17520 HIGH
TIN 2.4.1 - Argument Injection via BROWSER Environment Variable
CVSS 8.8
CVE-2017-17519 HIGH
OCaml Batteries Included 2.6 - Argument Injection via BROWSER Environment Variable
CVSS 8.8
CVE-2017-17518 HIGH
white_dune 0.30.10 - Argument Injection via BROWSER Environment Variable
CVSS 8.8
CVE-2017-17517 HIGH
Sylpheed < 3.6 - Argument Injection via BROWSER Environment Variable
CVSS 8.8
CVE-2017-17516 HIGH
Reddit Terminal Viewer 1.19.0 - Command Injection via BROWSER Environment Variable
CVSS 8.8
CVE-2017-17515 HIGH
Metview 4.7.3 - Argument Injection via BROWSER Environment Variable
CVSS 8.8
CVE-2017-17514 HIGH
nip2 8.4.0 - Command Injection via BROWSER Environment Variable
CVSS 8.8
CVE-2017-17513 HIGH
TeX Live < 20170524 - Argument Injection via BROWSER Environment Variable
CVSS 8.8