Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-21 | CVE-2023-24040 | Injection vulnerability in Opengroup Common Desktop Environment 1.6 dtprintinfo in Common Desktop Environment 1.6 has a bug in the parser of lpstat (an invoked external command) during listing of the names of available printers. | 7.1 |
| 2023-01-20 | CVE-2022-3918 | Injection vulnerability in Apple Swift Foundation A program using FoundationNetworking in swift-corelibs-foundation is potentially vulnerable to CRLF ( ) injection in URLRequest headers. | 8.8 |
| 2023-01-20 | CVE-2021-37499 | Injection vulnerability in Reprisesoftware Reprise License Manager CRLF vulnerability in Reprise License Manager (RLM) web interface through 14.2BL4 in the password parameter in View License Result function, that allows remote attackers to inject arbitrary HTTP headers. | 6.5 |
| 2023-01-20 | CVE-2023-20057 | Injection vulnerability in Cisco Asyncos A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. | 5.3 |
| 2023-01-18 | CVE-2023-0040 | Injection vulnerability in Asynchttpclient Project Async-Http-Client Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. | 7.5 |
| 2023-01-17 | CVE-2023-23749 | Injection vulnerability in Miniorange Ldap Integration With Active Directory and Openldap 5.0.2 The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since is not properly sanitizing the 'username' POST parameter. | 7.5 |
| 2023-01-15 | CVE-2023-0302 | Injection vulnerability in Radare Radare2 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5.8.2. | 7.8 |
| 2023-01-07 | CVE-2015-10027 | Injection vulnerability in Ttrrs-Auth-Ldap Project Ttrrs-Auth-Ldap 0.5 A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP. | 9.8 |
| 2023-01-05 | CVE-2022-37933 | Injection vulnerability in HPE products A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. | 7.8 |
| 2023-01-03 | CVE-2022-42471 | Injection vulnerability in Fortinet Fortiweb An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary headers. | 5.4 |