Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-03 | CVE-2021-21580 | Injection vulnerability in Dell EMC Idrac8 Firmware and EMC Idrac9 Firmware Dell EMC iDRAC8 versions prior to 2.80.80.80 & Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a Content spoofing / Text injection, where a malicious URL can inject text to present a customized message on the application that can phish users into believing that the message is legitimate. | 4.3 |
| 2021-08-02 | CVE-2021-35450 | Injection vulnerability in Entando Admin Console A Server Side Template Injection in the Entando Admin Console 6.3.9 and before allows a user with privileges to execute FreeMarker template with command execution via freemarker.template.utility.Execute | 7.2 |
| 2021-08-02 | CVE-2021-33195 | Injection vulnerability in multiple products Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format. | 7.3 |
| 2021-07-30 | CVE-2021-32558 | Injection vulnerability in multiple products An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. | 7.5 |
| 2021-07-23 | CVE-2021-3169 | Injection vulnerability in Jumpserver An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets. | 9.8 |
| 2021-07-19 | CVE-2020-5323 | Injection vulnerability in Dell products Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain an injection vulnerability. | 8.1 |
| 2021-07-14 | CVE-2021-0594 | Injection vulnerability in Google Android In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to improper input validation. | 8.0 |
| 2021-07-12 | CVE-2021-36381 | Injection vulnerability in Edifecs Transaction Management 20210712 In Edifecs Transaction Management through 2021-07-12, an unauthenticated user can inject arbitrary text into a user's browser via logon.jsp?logon_error= on the login screen of the Web application. | 5.3 |
| 2021-07-06 | CVE-2021-22232 | Injection vulnerability in Gitlab HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE | 5.4 |
| 2021-06-29 | CVE-2021-20101 | Injection vulnerability in Machform Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. | 6.1 |