Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2017-12-14 CVE-2017-17529 Injection vulnerability in Abisource Abiword 3.0.22
af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
network
low complexity
abisource CWE-74
8.8
2017-12-14 CVE-2017-17528 Injection vulnerability in Scummvm 1.9.0
backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
network
low complexity
scummvm CWE-74
8.8
2017-12-14 CVE-2017-17527 Injection vulnerability in multiple products
delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
network
low complexity
pasdoc-project debian CWE-74
8.8
2017-12-14 CVE-2017-17526 Injection vulnerability in Giac Project Giac 1.2.3.57
Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
network
low complexity
giac-project CWE-74
8.8
2017-12-14 CVE-2017-17525 Injection vulnerability in Xtuple Postbooks 4.7.0
guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
network
low complexity
xtuple CWE-74
8.8
2017-12-14 CVE-2017-17524 Injection vulnerability in Swi-Prolog 7.2.3
library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
network
low complexity
swi-prolog CWE-74
8.8
2017-12-14 CVE-2017-17522 Injection vulnerability in Python
Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
network
low complexity
python CWE-74
8.8
2017-12-14 CVE-2017-17521 Injection vulnerability in Fontforge
uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534.
network
low complexity
fontforge CWE-74
8.8
2017-12-14 CVE-2017-17520 Injection vulnerability in Debian TIN 2.4.1
tools/url_handler.pl in TIN 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
network
low complexity
debian CWE-74
8.8
2017-12-14 CVE-2017-17519 Injection vulnerability in Ocaml Batteries Project Ocaml Batteries 2.6
batteriesConfig.mlp in OCaml Batteries Included (aka ocaml-batteries) 2.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
network
low complexity
ocaml-batteries-project CWE-74
8.8