Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-30 | CVE-2022-4864 | Injection vulnerability in Froxlor Argument Injection in GitHub repository froxlor/froxlor prior to 2.0.0-beta1. | 5.4 |
| 2022-12-27 | CVE-2022-4768 | Injection vulnerability in Dropbox Merou A vulnerability was found in Dropbox merou. | 9.8 |
| 2022-12-22 | CVE-2022-40958 | Injection vulnerability in Mozilla Thunderbird By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. | 6.5 |
| 2022-12-22 | CVE-2022-46873 | Injection vulnerability in Mozilla Firefox Because Firefox did not implement the <code>unsafe-hashes</code> CSP directive, an attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject executable script. | 8.8 |
| 2022-12-16 | CVE-2022-42544 | Injection vulnerability in Google Android 13.0 In getView of AddAppNetworksFragment.java, there is a possible way to mislead the user about network add requests due to improper input validation. | 7.8 |
| 2022-12-13 | CVE-2022-46265 | Injection vulnerability in Siemens Polarion ALM 21.0 A vulnerability has been identified in Polarion ALM (All versions < V2304.0). | 5.4 |
| 2022-12-07 | CVE-2022-45910 | Injection vulnerability in Apache Manifoldcf Improper neutralization of special elements used in an LDAP query ('LDAP Injection') vulnerability in ActiveDirectory and Sharepoint ActiveDirectory authority connectors of Apache ManifoldCF allows an attacker to manipulate the LDAP search queries (DoS, additional queries, filter manipulation) during user lookup, if the username or the domain string are passed to the UserACLs servlet without validation. This issue affects Apache ManifoldCF version 2.23 and prior versions. | 5.3 |
| 2022-12-07 | CVE-2022-3643 | Injection vulnerability in multiple products Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. | 6.5 |
| 2022-12-04 | CVE-2022-35507 | Injection vulnerability in Proxmox products A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. | 7.1 |
| 2022-11-30 | CVE-2022-4188 | Injection vulnerability in Google Chrome Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | 4.3 |