CWE-117 (Improper Output Neutralization for Logs) — Vulnerability Class 81

81 vulnerabilities classified as CWE-117 (Improper Output Neutralization for Logs). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-0754 | Envoyproxy: openshift service mesh 2.6.3 and 2.5.6 envoy header handling allows log injection and potential spoofing | 4.3 | Medium | 2025-01-28 |
| CVE-2024-35150 | IBM Maximo Application Suite log manipulation — Maximo Application Suite | 5.3 | Medium | 2025-01-25 |
| CVE-2024-52891 | IBM Concert Software log manipulation — Concert Software | 5.4 | Medium | 2025-01-07 |
| CVE-2024-7696 | AXIS Camera Station Pro security vulnerability — AXIS Camera Station Pro | 6.3 | Medium | 2025-01-07 |
| CVE-2024-47083 | Power Platform Terraform Provider has Improper Masking of Secrets in Logs — terraform-provider-power-platform | 6.5 AI | Medium AI | 2024-09-25 |
| CVE-2024-45808 | Malicious log injection via access logs in envoy — envoy | 6.5 | Medium | 2024-09-19 |
| CVE-2024-8334 | master-nan Sweet-CMS log.go LogHandler neutralization for logs — Sweet-CMS | 4.3 | Medium | 2024-08-30 |
| CVE-2024-8297 | kitsada8621 Digital Library Management System jwt_refresh_token_middleware.go JwtRefreshAuth neutralization for logs — Digital Library Management System | 5.3 | Medium | 2024-08-29 |
| CVE-2024-23194 | Gallagher Command Centre security vulnerability — Command Centre | 3.3 | Low | 2024-07-11 |
| CVE-2024-0095 | CVE — NVIDIA Triton Inference Server | 4.3 | Critical | 2024-06-13 |
| CVE-2023-28952 | IBM Cognos Controller log injection — Cognos Controller | 5.3 | Medium | 2024-05-03 |
| CVE-2023-39461 | Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability — SCADA Data Gateway | 8.8 | - | 2024-05-03 |
| CVE-2024-25047 | IBM Cognos Analytics log injection — Cognos Analytics | 8.6 | High | 2024-05-02 |
| CVE-2023-6484 | Keycloak: log injection during webauthn authentication or registration | 5.3 | Medium | 2024-04-25 |
| CVE-2024-1681 | Log Injection Vulnerability in corydolphin/flask-cors — corydolphin/flask-cors | 6.5 | - | 2024-04-19 |
| CVE-2024-22356 | IBM App Connect Enterprise and IBM Integration Bus for z/OS information disclosure — App Connect Enterprise | 4.9 | Medium | 2024-03-26 |
| CVE-2024-0690 | Ansible-core: possible information leak in tasks that ignore ansible_no_log configuration | 5.0 | Medium | 2024-02-06 |
| CVE-2023-38020 | IBM SOAR QRadar Plugin App log injection — SOAR QRadar Plugin App | 4.3 | Medium | 2024-02-02 |
| CVE-2024-0987 | Sichuan Yougou Technology KuERP log neutralization for logs — KuERP | 6.3 | Medium | 2024-01-29 |
| CVE-2024-22229 | Dell Unity security vulnerability — Unity | 3.1 | Low | 2024-01-24 |
| CVE-2023-7234 | Integration Objects OPC UA Server Toolkit Improper Output Neutralization for Logs — OPC UA Server Toolkit | 5.3 | Medium | 2024-01-16 |
| CVE-2023-46713 | Fortinet FortiWeb security vulnerability — FortiWeb | 4.9 | Medium | 2023-12-13 |
| CVE-2023-6002 | Log Injection — YugabyteDB | 6.5 | Medium | 2023-11-07 |
| CVE-2023-4065 | Operator: plaintext password in operator log — RHEL-8 based Middleware Containers | 5.5 | Medium | 2023-09-26 |
| CVE-2023-4571 | Unauthenticated Log Injection in Splunk IT Service Intelligence (ITSI) — Splunk ITSI | 8.6 | High | 2023-08-30 |
| CVE-2023-3997 | Unauthenticated Log Injection In Splunk SOAR — Splunk SOAR (On-premises) | 8.6 | High | 2023-07-31 |
| CVE-2023-37275 | System logs spoofable in Auto-GPT via ANSI control sequences — Auto-GPT | 3.1 | Low | 2023-07-13 |
| CVE-2023-36924 | Log Injection vulnerability in SAP ERP Defense Forces and Public Security — SAP ERP Defense Forces and Public Security | 4.9 | Medium | 2023-07-11 |
| CVE-2023-31405 | Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer) — SAP NetWeaver AS for Java (Log Viewer) | 5.3 | Medium | 2023-07-11 |
| CVE-2023-32712 | Unauthenticated Log Injection in Splunk Enterprise — Splunk Enterprise | 8.6 | High | 2023-06-01 |

Vulnerabilities classified as CWE-117 (Improper Output Neutralization for Logs) represent 81 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.