Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-29 | CVE-2016-3695 | Injection vulnerability in multiple products The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set. | 2.1 |
| 2017-12-22 | CVE-2017-15313 | Injection vulnerability in Huawei Smartcare V200R003C10 Huawei SmartCare V200R003C10 has a CSV injection vulnerability. | 6.5 |
| 2017-12-22 | CVE-2017-16766 | Injection vulnerability in Synology Diskstation Manager An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option. | 6.4 |
| 2017-12-20 | CVE-2017-17790 | Injection vulnerability in Ruby-Lang Ruby The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. | 7.5 |
| 2017-12-14 | CVE-2017-17535 | Injection vulnerability in Gjots2 Project Gjots2 2.4.1 lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 6.8 |
| 2017-12-14 | CVE-2017-17534 | Injection vulnerability in Mensis Project Mensis 0.0.080507 uiutil.c in Mensis 0.0.080507 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17521. | 6.8 |
| 2017-12-14 | CVE-2017-17533 | Injection vulnerability in Tkabber Project Tkabber 1.1 default.tcl in Tkabber 1.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 8.8 |
| 2017-12-14 | CVE-2017-17532 | Injection vulnerability in Kiwi Project Kiwi 1.9.22 examples/framework/news/news3.py in Kiwi 1.9.22 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 6.8 |
| 2017-12-14 | CVE-2017-17531 | Injection vulnerability in GNU Global 4.8.6 gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 6.8 |
| 2017-12-14 | CVE-2017-17530 | Injection vulnerability in Geomview 1.9.5 common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 8.8 |