Vulnerabilities (CVE)

Filtered by CWE-74
Total 961 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-29631 1 Jodd 1 Jodd Http 2024-08-16 5.0 MEDIUM 7.5 HIGH
Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequest#set and `jodd.http.HttpRequest#send. These vulnerabilities allow attackers to execute Server-Side Request Forgery (SSRF) via a crafted TCP payload.
CVE-2024-39227 1 Gl-inet 56 A1300, A1300 Firmware, Ap1300 and 53 more 2024-08-15 N/A 9.8 CRITICAL
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. This vulnerability allows unauthenticated attackers to execute arbitrary code or possibly a directory traversal via crafted JSON data.
CVE-2023-22527 1 Atlassian 2 Confluence Data Center, Confluence Server 2024-08-14 N/A 9.8 CRITICAL
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.
CVE-2024-34448 2024-08-07 N/A 8.8 HIGH
Ghost before 5.82.0 allows CSV Injection during a member CSV export.
CVE-2015-5377 1 Elastic 1 Elasticsearch 2024-08-06 7.5 HIGH 9.8 CRITICAL
Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport protocol. NOTE: ZDI appears to claim that CVE-2015-3253 and CVE-2015-5377 are the same vulnerability
CVE-2017-20187 1 Floriangaerber 1 Magnesium-php 2024-08-05 2.7 LOW 9.8 CRITICAL
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Magnesium-PHP up to 0.3.0. It has been classified as problematic. Affected is the function formatEmailString of the file src/Magnesium/Message/Base.php. The manipulation of the argument email/name leads to injection. Upgrading to version 0.3.1 is able to address this issue. The patch is identified as 500d340e1f6421007413cc08a8383475221c2604. It is recommended to upgrade the affected component. VDB-244482 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2017-17533 1 Tkabber Project 1 Tkabber 2024-08-05 6.8 MEDIUM 8.8 HIGH
default.tcl in Tkabber 1.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated that the attack cannot occur because of the argument-parsing behavior of the Tcl exec function
CVE-2017-17530 1 Geomview 1 Geomview 2024-08-05 6.8 MEDIUM 8.8 HIGH
common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: this is disputed by a third party because no untrusted input can be used for the injection
CVE-2017-17527 2 Debian, Pasdoc Project 2 Debian Linux, Pasdoc 2024-08-05 6.8 MEDIUM 8.8 HIGH
delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer has indicated that the code referencing the BROWSER environment variable is never used
CVE-2017-17522 1 Python 1 Python 2024-08-05 6.8 MEDIUM 8.8 HIGH
Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting
CVE-2017-17520 1 Debian 1 Tin 2024-08-05 6.8 MEDIUM 8.8 HIGH
tools/url_handler.pl in TIN 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has reported that this is intentional behavior, because the documentation states "url_handler.pl was designed to work together with tin which only issues shell escaped absolute URLs.
CVE-2017-17518 1 White Dune Project 1 White Dune 2024-08-05 6.8 MEDIUM 8.8 HIGH
swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: This issue is being disputed as not being a vulnerability because “the current version of white_dune (1.369 at https://wdune.ourproject.org/) do not use a "BROWSER environment variable". Instead, the "browser" variable is read from the $HOME/.dunerc file (or from the M$Windows registry). It is configurable in the "options" menu. The default is chosen in the ./configure script, which tests various programs, first tested is "xdg-open".
CVE-2017-17515 2 Debian, Ecmwf 2 Debian Linux, Metview 2024-08-05 6.8 MEDIUM 8.8 HIGH
etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated that the code to access this environment variable is not enabled in the shipped product
CVE-2017-17514 2 Debian, Nip2 Project 2 Debian Linux, Nip2 2024-08-05 6.8 MEDIUM 8.8 HIGH
boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER environment variable
CVE-2017-14523 1 Wondercms 1 Wondercms 2024-08-05 5.0 MEDIUM 7.5 HIGH
WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses user-entered values to redirect pages. NOTE: the vendor reports that exploitation is unlikely because the attack can only come from a local machine or from the administrator as a self attack
CVE-2017-9861 1 Sma 78 Sunny Boy 1.5, Sunny Boy 1.5 Firmware, Sunny Boy 2.5 and 75 more 2024-08-05 9.0 HIGH 9.8 CRITICAL
An issue was discovered in SMA Solar Technology products. The SIP implementation does not properly use authentication with encryption: it is vulnerable to replay attacks, packet injection attacks, and man in the middle attacks. An attacker is able to successfully use SIP to communicate with the device from anywhere within the LAN. An attacker may use this to crash the device, stop it from communicating with the SMA servers, exploit known SIP vulnerabilities, or find sensitive information from the SIP communications. Furthermore, because the SIP communication channel is unencrypted, an attacker capable of understanding the protocol can eavesdrop on communications. For example, passwords can be extracted. NOTE: the vendor's position is that authentication with encryption is not required on an isolated subnetwork. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected
CVE-2019-25031 2 Debian, Nlnetlabs 2 Debian Linux, Unbound 2024-08-05 4.3 MEDIUM 5.9 MEDIUM
Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation
CVE-2020-28246 1 Form 1 Form.io 2024-08-04 7.5 HIGH 9.8 CRITICAL
A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL. NOTE: the email templating service was removed after 2020. Additionally, the vendor disputes this issue indicating this is sandboxed and only executable by admins.
CVE-2020-11441 1 Phpmyadmin 1 Phpmyadmin 2024-08-04 4.3 MEDIUM 6.1 MEDIUM
phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states "I don't see anything specifically exploitable.
CVE-2020-9376 1 Dlink 2 Dir-610, Dir-610 Firmware 2024-08-04 5.0 MEDIUM 7.5 HIGH
D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer