Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-12 | CVE-2021-36381 | Injection vulnerability in Edifecs Transaction Management 20210712 In Edifecs Transaction Management through 2021-07-12, an unauthenticated user can inject arbitrary text into a user's browser via logon.jsp?logon_error= on the login screen of the Web application. | 5.3 |
| 2021-07-06 | CVE-2021-22232 | Injection vulnerability in Gitlab HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE | 5.4 |
| 2021-06-29 | CVE-2021-20101 | Injection vulnerability in Machform Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. | 6.1 |
| 2021-06-29 | CVE-2021-23400 | Injection vulnerability in Nodemailer The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object. | 8.8 |
| 2021-06-28 | CVE-2021-20574 | Injection vulnerability in IBM Security Identity Manager Adapter 6.0.0.0/7.0.0.0 IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remote authenticated attacker to conduct an LDAP injection. | 8.8 |
| 2021-06-25 | CVE-2021-29676 | Injection vulnerability in IBM Security Verify IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to link injection. | 5.4 |
| 2021-06-24 | CVE-2021-24002 | Injection vulnerability in Mozilla Thunderbird When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. | 8.8 |
| 2021-06-24 | CVE-2021-29955 | Injection vulnerability in Mozilla Firefox A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. | 5.3 |
| 2021-06-23 | CVE-2021-29084 | Injection vulnerability in Synology products Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors. | 7.5 |
| 2021-06-23 | CVE-2021-29085 | Injection vulnerability in Synology products Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors. | 7.5 |