Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-14 | CVE-2017-17529 | Injection vulnerability in Abisource Abiword 3.0.22 af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 6.8 |
| 2017-12-14 | CVE-2017-17528 | Injection vulnerability in Scummvm 1.9.0 backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 6.8 |
| 2017-12-14 | CVE-2017-17527 | Injection vulnerability in multiple products delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 8.8 |
| 2017-12-14 | CVE-2017-17526 | Injection vulnerability in Giac Project Giac 1.2.3.57 Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 6.8 |
| 2017-12-14 | CVE-2017-17525 | Injection vulnerability in Xtuple Postbooks 4.7.0 guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 6.8 |
| 2017-12-14 | CVE-2017-17524 | Injection vulnerability in Swi-Prolog 7.2.3 library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 6.8 |
| 2017-12-14 | CVE-2017-17522 | Injection vulnerability in Python Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 8.8 |
| 2017-12-14 | CVE-2017-17521 | Injection vulnerability in Fontforge uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534. | 6.8 |
| 2017-12-14 | CVE-2017-17520 | Injection vulnerability in Debian TIN 2.4.1 tools/url_handler.pl in TIN 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 8.8 |
| 2017-12-14 | CVE-2017-17519 | Injection vulnerability in Ocaml Batteries Project Ocaml Batteries 2.6 batteriesConfig.mlp in OCaml Batteries Included (aka ocaml-batteries) 2.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 6.8 |