Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-26 | CVE-2022-4092 | Injection vulnerability in Gitlab 15.6.0 An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. | 8.0 |
| 2023-01-26 | CVE-2023-0476 | Injection vulnerability in Tenable Tenable.Sc A LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. | 6.5 |
| 2023-01-21 | CVE-2023-24040 | Injection vulnerability in Opengroup Common Desktop Environment 1.6 ** UNSUPPORTED WHEN ASSIGNED ** dtprintinfo in Common Desktop Environment 1.6 has a bug in the parser of lpstat (an invoked external command) during listing of the names of available printers. | 7.1 |
| 2023-01-20 | CVE-2022-3918 | Injection vulnerability in Apple Swift Foundation A program using FoundationNetworking in swift-corelibs-foundation is potentially vulnerable to CRLF ( ) injection in URLRequest headers. | 8.8 |
| 2023-01-20 | CVE-2021-37499 | Injection vulnerability in Reprisesoftware Reprise License Manager CRLF vulnerability in Reprise License Manager (RLM) web interface through 14.2BL4 in the password parameter in View License Result function, that allows remote attackers to inject arbitrary HTTP headers. | 6.5 |
| 2023-01-20 | CVE-2023-20057 | Injection vulnerability in Cisco Asyncos A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. | 5.3 |
| 2023-01-19 | CVE-2017-20174 | Injection vulnerability in Getkirby Webmentions A vulnerability was found in bastianallgeier Kirby Webmentions Plugin and classified as problematic. | 9.8 |
| 2023-01-18 | CVE-2023-0040 | Injection vulnerability in Asynchttpclient Project Async-Http-Client Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. | 7.5 |
| 2023-01-17 | CVE-2023-23749 | Injection vulnerability in Miniorange Ldap Integration With Active Directory and Openldap 5.0.2 The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since is not properly sanitizing the 'username' POST parameter. | 7.5 |
| 2023-01-17 | CVE-2015-10062 | Injection vulnerability in Galaxyproject Galaxy A vulnerability, which was classified as problematic, was found in galaxy-data-resource up to 14.10.0. | 9.8 |