Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2018-01-02 CVE-2017-1000454 Injection vulnerability in Cmsmadesimple CMS Made Simple
CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1
Attack vector: local; complexity: low; vendor: cmsmadesimple; CWE-74; risk: 7.8

2018-01-02 CVE-2017-1000453 Injection vulnerability in Cmsmadesimple CMS Made Simple
CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution.
Attack vector: network; complexity: low; vendor: cmsmadesimple; CWE-74; risk: critical, 9.8

2017-12-29 CVE-2013-4578 Injection vulnerability in Oracle JDK and JRE
jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation.
Attack vector: network; complexity: low; vendor: oracle; CWE-74; risk: 5.3

2017-12-29 CVE-2016-3695 Injection vulnerability in multiple products
The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set.
Attack vector: local; complexity: low; vendor: linux, redhat; CWE-74; risk: 5.5

2017-12-22 CVE-2017-15313 Injection vulnerability in Huawei Smartcare V200R003C10
Huawei SmartCare V200R003C10 has a CSV injection vulnerability.
Attack vector: network; complexity: low; vendor: huawei; CWE-74; risk: 8.8

2017-12-22 CVE-2017-16766 Injection vulnerability in Synology Diskstation Manager
An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option.
Attack vector: network; complexity: low; vendor: synology; CWE-74; risk: 6.5

2017-12-20 CVE-2017-17790 Injection vulnerability in Ruby-Lang Ruby
The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405.
Attack vector: network; complexity: low; vendor: ruby-lang; CWE-74; risk: critical, 9.8

2017-12-14 CVE-2017-17535 Injection vulnerability in Gjots2 Project Gjots2 2.4.1
lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
Attack vector: network; complexity: low; vendor: gjots2-project; CWE-74; risk: 8.8

2017-12-14 CVE-2017-17534 Injection vulnerability in Mensis Project Mensis 0.0.080507
uiutil.c in Mensis 0.0.080507 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17521.
Attack vector: network; complexity: low; vendor: mensis-project; CWE-74; risk: 8.8

2017-12-14 CVE-2017-17533 Injection vulnerability in Tkabber Project Tkabber 1.1
default.tcl in Tkabber 1.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
Attack vector: network; complexity: low; vendor: tkabber-project; CWE-74; risk: 8.8