Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-30 | CVE-2019-17558 | Injection vulnerability in multiple products Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. | 7.5 |
| 2019-12-26 | CVE-2019-19389 | Injection vulnerability in Jetbrains Ktor JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting. | 5.4 |
| 2019-12-26 | CVE-2013-4318 | Injection vulnerability in Feature Project Feature 0.3.0 File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory. | 5.4 |
| 2019-12-26 | CVE-2019-6034 | Injection vulnerability in Appleple A-Blog CMS a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows arbitrary scripts to be executed in the context of the application due to unspecified vectors. | 6.1 |
| 2019-12-23 | CVE-2019-11045 | Injection vulnerability in multiple products In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. | 5.9 |
| 2019-12-18 | CVE-2019-8792 | Injection vulnerability in Apple Shazam 12.11.0/9.25.0 An injection issue was addressed with improved validation. | 8.8 |
| 2019-12-13 | CVE-2019-17123 | Injection vulnerability in Egain Mail 11 The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields (to /system/ws/v11/ss/email) are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. | 7.5 |
| 2019-12-10 | CVE-2019-1490 | Injection vulnerability in Microsoft Skype for Business 2019 A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business Server Spoofing Vulnerability'. | 5.4 |
| 2019-12-10 | CVE-2013-2095 | Injection vulnerability in Openshift-Origin-Controller Project Openshift-Origin-Controller rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command injection | 9.8 |
| 2019-12-06 | CVE-2019-16771 | Injection vulnerability in Linecorp Armeria Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. | 6.5 |