Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-10 | CVE-2023-31209 | Injection vulnerability in multiple products Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users. | 8.8 |
2023-08-09 | CVE-2023-33241 | Injection vulnerability in multiple products Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a malicious pallier key and cheating in the range proof. | 9.1 |
2023-08-09 | CVE-2023-33242 | Injection vulnerability in Lindell17 Project Lindell17 Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of not adhering to the paper's security proof's assumption regarding handling aborts after a failed signature. | 8.1 |
2023-08-08 | CVE-2023-39213 | Injection vulnerability in Zoom Virtual Desktop Infrastructure and Zoom Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access. | 9.8 |
2023-08-04 | CVE-2023-4157 | Injection vulnerability in Omeka S CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in GitHub repository omeka/omeka-s prior to version 4.0.3. | 4.8 |
2023-08-01 | CVE-2023-36210 | Injection vulnerability in Motocms 3.4.3 MotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the keyword parameter. | 9.8 |
2023-07-28 | CVE-2023-38609 | Injection vulnerability in Apple Macos An injection issue was addressed with improved input validation. | 7.5 |
2023-07-24 | CVE-2023-38060 | Injection vulnerability in Otrs Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to to perform an host header injection for the ContentType header of the attachment. This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. | 8.8 |
2023-07-20 | CVE-2020-24275 | Injection vulnerability in Swoole 4.5.2 A HTTP response header injection vulnerability in Swoole v4.5.2 allows attackers to execute arbitrary code via supplying a crafted URL. | 6.5 |
2023-07-06 | CVE-2023-36188 | Injection vulnerability in Langchain 0.0.64 An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method. | 9.8 |