Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-06-29 | CVE-2021-23400 | Injection vulnerability in Nodemailer | The package nodemailer before 6.6.1 is vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object. | 8.8 |
2021-06-28 | CVE-2021-20574 | Injection vulnerability in IBM Security Identity Manager Adapter 6.0.0.0/7.0.0.0 | IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remote authenticated attacker to conduct an LDAP injection. | 8.8 |
2021-06-25 | CVE-2021-29676 | Injection vulnerability in IBM Security Verify | IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to link injection. | 5.4 |
2021-06-24 | CVE-2021-24002 | Injection vulnerability in Mozilla Thunderbird | When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. | 8.8 |
2021-06-24 | CVE-2021-29955 | Injection vulnerability in Mozilla Firefox | A transient execution vulnerability, named Floating Point Value Injection (FPVI), allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. | 5.3 |
2021-06-23 | CVE-2021-29084 | Injection vulnerability in Synology products | Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors. | 7.5 |
2021-06-23 | CVE-2021-29085 | Injection vulnerability in Synology products | Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors. | 7.5 |
2021-06-22 | CVE-2021-0551 | Injection vulnerability in Google Android 11.0 | In bind of MediaControlPanel.java, there is a possible way to lock up the system UI using a malicious media file due to improper input validation. | 6.5 |
2021-06-22 | CVE-2021-0553 | Injection vulnerability in Google Android 11.0 | In onBindViewHolder of AppSwitchPreference.java, there is a possible bypass of device admin settings due to unclear UI. | 7.3 |
2021-06-22 | CVE-2021-0567 | Injection vulnerability in Google Android 11.0 | In isRestricted of RemoteViews.java, there is a possible way to inject font files due to a permissions bypass. | 7.8 |