Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-05 | CVE-2021-31988 | Injection vulnerability in Axis products A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email. | 8.8 |
| 2021-10-05 | CVE-2021-35504 | Injection vulnerability in Afian Filerun Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary. | 7.2 |
| 2021-10-05 | CVE-2021-35505 | Injection vulnerability in Afian Filerun Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary. | 7.2 |
| 2021-10-02 | CVE-2021-41862 | Injection vulnerability in Aviatorscript Project Aviatorscript AviatorScript through 5.2.7 allows code execution via an expression that is encoded with Byte Code Engineering Library (BCEL). | 9.8 |
| 2021-09-21 | CVE-2021-41084 | Injection vulnerability in Typelevel Http4S http4s is an open source scala interface for HTTP. | 4.7 |
| 2021-09-21 | CVE-2021-29795 | Injection vulnerability in IBM Powervm Hypervisor IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. | 6.0 |
| 2021-09-17 | CVE-2021-41392 | Injection vulnerability in Boostnote static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. | 9.8 |
| 2021-09-17 | CVE-2021-41390 | Injection vulnerability in Ericsson Enterprise Content Management 18.0 In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection. | 8.0 |
| 2021-09-16 | CVE-2021-41314 | Injection vulnerability in Netgear products Certain NETGEAR smart switches are affected by a \n injection in the web UI's password field, which - due to several faulty aspects of the authentication scheme - allows the attacker to create (or overwrite) a file with specific content (e.g., the "2" string). | 8.8 |
| 2021-09-15 | CVE-2021-39213 | Injection vulnerability in Glpi-Project Glpi GLPI is a free Asset and IT management software package. | 8.8 |