Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-03-14 CVE-2023-25616 Injection vulnerability in SAP Business Objects Business Intelligence Platform 420/430
In some scenarios, Program Object execution in SAP Business Objects Business Intelligence Platform (CMC), versions 420 and 430, can lead to a code injection vulnerability which could allow an attacker to gain access to resources that are allowed by extra privileges.
network
low complexity
sap CWE-74
8.8
2023-03-08 CVE-2023-26261 Injection vulnerability in Ubikasec Waap Cloud and Waap Gateway
In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user.
network
low complexity
ubikasec CWE-74
critical
9.8
2023-03-07 CVE-2023-27479 Injection vulnerability in Xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.
network
low complexity
xwiki CWE-74
critical
9.9
2023-03-05 CVE-2023-27635 Injection vulnerability in Debian Debmany 0.88.1
debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands (because of an eval call) via a crafted .deb file.
local
low complexity
debian CWE-74
7.8
2023-02-27 CVE-2022-42797 Injection vulnerability in Apple Xcode
An injection issue was addressed with improved input validation.
local
low complexity
apple CWE-74
7.8
2023-02-22 CVE-2023-20858 Injection vulnerability in VMware Carbon Black App Control
VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x prior to 8.9.4 contain an injection vulnerability.
network
low complexity
vmware CWE-74
7.2
2023-02-20 CVE-2023-25613 Injection vulnerability in Apache Identity Backend
An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3. 
network
low complexity
apache CWE-74
critical
9.8
2023-02-17 CVE-2022-36775 Injection vulnerability in IBM products
IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and 10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
network
low complexity
ibm CWE-74
6.5
2023-02-16 CVE-2022-42472 Injection vulnerability in Fortinet Fortios and Fortiproxy
An improper neutralization of CRLF sequences in HTTP headers ('HTTP response splitting') in Fortinet FortiOS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.11, 6.2.0 through 6.2.12, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.1, 7.0.0 through 7.0.7, 2.0.0 through 2.0.10, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response.
network
low complexity
fortinet CWE-74
5.4
2023-02-16 CVE-2023-23936 Injection vulnerability in Nodejs Undici
Undici is an HTTP/1.1 client for Node.js.
network
low complexity
nodejs CWE-74
5.4