Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-02 | CVE-2021-41862 | Injection vulnerability in Aviatorscript Project Aviatorscript AviatorScript through 5.2.7 allows code execution via an expression that is encoded with Byte Code Engineering Library (BCEL). | 9.8 |
| 2021-09-21 | CVE-2021-41084 | Injection vulnerability in Typelevel Http4S http4s is an open source scala interface for HTTP. | 4.7 |
| 2021-09-21 | CVE-2021-29795 | Injection vulnerability in IBM Powervm Hypervisor IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. | 6.0 |
| 2021-09-17 | CVE-2021-41392 | Injection vulnerability in Boostnote static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. | 9.8 |
| 2021-09-17 | CVE-2021-41390 | Injection vulnerability in Ericsson Enterprise Content Management 18.0 In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection. | 8.0 |
| 2021-09-16 | CVE-2021-41314 | Injection vulnerability in Netgear products Certain NETGEAR smart switches are affected by a \n injection in the web UI's password field, which - due to several faulty aspects of the authentication scheme - allows the attacker to create (or overwrite) a file with specific content (e.g., the "2" string). | 8.8 |
| 2021-09-15 | CVE-2021-39213 | Injection vulnerability in Glpi-Project Glpi GLPI is a free Asset and IT management software package. | 8.8 |
| 2021-09-08 | CVE-2021-30777 | Injection vulnerability in Apple mac OS X and Macos An injection issue was addressed with improved validation. | 7.8 |
| 2021-09-07 | CVE-2021-40143 | Injection vulnerability in Sonatype Nexus Repository Manager 3 Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. | 8.2 |
| 2021-08-18 | CVE-2020-18875 | Injection vulnerability in Dotcms Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges by injecting client configurations via vtl (velocity) files. | 8.8 |