Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-20 | CVE-2021-37499 | Injection vulnerability in Reprisesoftware Reprise License Manager: CRLF vulnerability in Reprise License Manager (RLM) web interface through 14.2BL4 in the password parameter in View License Result function, that allows remote attackers to inject arbitrary HTTP headers. | 6.5 |
2023-01-20 | CVE-2023-20057 | Injection vulnerability in Cisco Asyncos: A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. | 5.3 |
2023-01-18 | CVE-2023-0040 | Injection vulnerability in Asynchttpclient Project Async-Http-Client: Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. | 7.5 |
2023-01-17 | CVE-2023-23749 | Injection vulnerability in Miniorange Ldap Integration With Active Directory and Openldap 5.0.2: The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since it is not properly sanitizing the 'username' POST parameter. | 7.5 |
2023-01-15 | CVE-2023-0302 | Injection vulnerability in Radare Radare2: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5.8.2. | 7.8 |
2023-01-07 | CVE-2015-10027 | Injection vulnerability in Ttrrs-Auth-Ldap Project Ttrrs-Auth-Ldap 0.5: A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP. | 9.8 |
2023-01-05 | CVE-2022-37933 | Injection vulnerability in HPE products: A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. | 7.8 |
2023-01-03 | CVE-2022-42471 | Injection vulnerability in Fortinet Fortiweb: An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] in FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary headers. | 5.4 |
2022-12-30 | CVE-2022-4864 | Injection vulnerability in Froxlor: Argument Injection in GitHub repository froxlor/froxlor prior to 2.0.0-beta1. | 5.4 |
2022-12-22 | CVE-2022-40958 | Injection vulnerability in Mozilla Thunderbird: By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. | 6.5 |