Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2019-08-09 CVE-2019-11581 Injection vulnerability in Atlassian Jira Server
There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions.
network
low complexity
atlassian CWE-74
critical
9.8
2019-08-09 CVE-2019-5404 Injection vulnerability in HP 3Par Storeserv Management Console 3.3.1/3.5
A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
network
low complexity
hp CWE-74
8.8
2019-08-07 CVE-2016-10801 Injection vulnerability in Cpanel
cPanel before 58.0.4 has improper session handling for shared users (SEC-139).
network
low complexity
cpanel CWE-74
8.8
2019-08-02 CVE-2019-7889 Injection vulnerability in Magento
An injection vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-74
6.5
2019-08-02 CVE-2017-18437 Injection vulnerability in Cpanel
cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240).
local
low complexity
cpanel CWE-74
4.4
2019-08-02 CVE-2017-18389 Injection vulnerability in Cpanel
cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318).
network
low complexity
cpanel CWE-74
6.3
2019-08-02 CVE-2017-18387 Injection vulnerability in Cpanel
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314).
network
low complexity
cpanel CWE-74
7.2
2019-08-02 CVE-2017-18386 Injection vulnerability in Cpanel
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313).
network
low complexity
cpanel CWE-74
7.2
2019-08-01 CVE-2016-10847 Injection vulnerability in Cpanel
cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath (SEC-80).
network
low complexity
cpanel CWE-74
8.1
2019-08-01 CVE-2016-10845 Injection vulnerability in Cpanel
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable (SEC-78).
network
low complexity
cpanel CWE-74
8.1