Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-03 | CVE-2013-4486 | Injection vulnerability in Redhat Zanata Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging | 9.8 |
| 2019-11-27 | CVE-2011-2717 | Injection vulnerability in multiple products The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. | 9.8 |
| 2019-11-27 | CVE-2019-19330 | Injection vulnerability in multiple products The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks. | 9.8 |
| 2019-11-26 | CVE-2019-16254 | Injection vulnerability in multiple products Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. | 5.3 |
| 2019-11-26 | CVE-2011-3624 | Injection vulnerability in Ruby-Lang Ruby 1.8.7/1.9.2 Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header. | 5.3 |
| 2019-11-22 | CVE-2019-4216 | Injection vulnerability in IBM Smartcloud Analytics LOG Analysis IBM SmartCloud Analytics 1.3.1 through 1.3.5 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. | 4.6 |
| 2019-11-21 | CVE-2014-3700 | Injection vulnerability in Redhat Edeploy and Jboss Enterprise web Server eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data | 9.8 |
| 2019-11-13 | CVE-2010-4654 | Injection vulnerability in multiple products poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. | 7.8 |
| 2019-11-06 | CVE-2019-8135 | Injection vulnerability in Magento A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 9.8 |
| 2019-11-04 | CVE-2010-3668 | Injection vulnerability in Typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl. | 7.5 |