Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-12-29 | CVE-2016-3695 | Injection vulnerability in multiple products | The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set. | 5.5 |
2017-12-22 | CVE-2017-15313 | Injection vulnerability in Huawei Smartcare V200R003C10 | Huawei SmartCare V200R003C10 has a CSV injection vulnerability. | 8.8 |
2017-12-22 | CVE-2017-16766 | Injection vulnerability in Synology Diskstation Manager | An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option. | 6.5 |
2017-12-20 | CVE-2017-17790 | Injection vulnerability in Ruby-Lang Ruby | The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. | 9.8 |
2017-12-14 | CVE-2017-17535 | Injection vulnerability in Gjots2 Project Gjots2 2.4.1 | lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 8.8 |
2017-12-14 | CVE-2017-17534 | Injection vulnerability in Mensis Project Mensis 0.0.080507 | uiutil.c in Mensis 0.0.080507 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17521. | 8.8 |
2017-12-14 | CVE-2017-17533 | Injection vulnerability in Tkabber Project Tkabber 1.1 | default.tcl in Tkabber 1.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 8.8 |
2017-12-14 | CVE-2017-17532 | Injection vulnerability in Kiwi Project Kiwi 1.9.22 | examples/framework/news/news3.py in Kiwi 1.9.22 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 8.8 |
2017-12-14 | CVE-2017-17531 | Injection vulnerability in GNU Global 4.8.6 | gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 8.8 |
2017-12-14 | CVE-2017-17530 | Injection vulnerability in Geomview 1.9.5 | common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 8.8 |