Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2021-08-04 CVE-2020-24825 Injection vulnerability in Libelfin Project Libelfin 0.3
A vulnerability in the line_table::line_table function of Libelfin v0.3 allows attackers to cause a denial of service (DoS) through a segmentation fault via a crafted ELF file.
local
low complexity
libelfin-project CWE-74
5.5
2021-08-04 CVE-2020-24826 Injection vulnerability in Libelfin Project Libelfin 0.3
A vulnerability in the elf::section::as_strtab function of Libelfin v0.3 allows attackers to cause a denial of service (DoS) through a segmentation fault via a crafted ELF file.
local
low complexity
libelfin-project CWE-74
5.5
2021-08-03 CVE-2021-38084 Injection vulnerability in Courier-Mta Courier Mail Server
An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5.
network
high complexity
courier-mta CWE-74
8.1
2021-08-03 CVE-2021-21580 Injection vulnerability in Dell EMC Idrac8 Firmware and EMC Idrac9 Firmware
Dell EMC iDRAC8 versions prior to 2.80.80.80 and Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a content spoofing / text injection vulnerability, where a malicious URL can inject text to present a customized message on the application that can phish users into believing that the message is legitimate.
network
low complexity
dell CWE-74
4.3
2021-08-02 CVE-2021-35450 Injection vulnerability in Entando Admin Console
A Server Side Template Injection in the Entando Admin Console 6.3.9 and before allows a user with privileges to execute a FreeMarker template with command execution via freemarker.template.utility.Execute.
network
low complexity
entando CWE-74
7.2
2021-08-02 CVE-2021-33195 Injection vulnerability in multiple products
Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC 1035 format.
network
low complexity
golang netapp CWE-74
7.3
2021-07-30 CVE-2021-32558 Injection vulnerability in multiple products
An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10.
network
low complexity
digium debian CWE-74
7.5
2021-07-23 CVE-2021-3169 Injection vulnerability in Jumpserver
An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.
network
low complexity
jumpserver CWE-74
critical
9.8
2021-07-19 CVE-2020-5323 Injection vulnerability in Dell products
Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain an injection vulnerability.
network
low complexity
dell CWE-74
8.1
2021-07-14 CVE-2021-0594 Injection vulnerability in Google Android
In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to improper input validation.
low complexity
google CWE-74
8.0