Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-18 | CVE-2023-0040 | Injection vulnerability in Asynchttpclient Project Async-Http-Client Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. | 7.5 |
2023-01-17 | CVE-2023-23749 | Injection vulnerability in Miniorange Ldap Integration With Active Directory and Openldap 5.0.2 The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since it does not properly sanitize the 'username' POST parameter. | 7.5 |
2023-01-15 | CVE-2023-0302 | Injection vulnerability in Radare Radare2 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5.8.2. | 7.8 |
2023-01-07 | CVE-2015-10027 | Injection vulnerability in Ttrrs-Auth-Ldap Project Ttrrs-Auth-Ldap 0.5 A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP. | 9.8 |
2023-01-05 | CVE-2022-37933 | Injection vulnerability in HPE products A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. | 7.8 |
2023-01-03 | CVE-2022-42471 | Injection vulnerability in Fortinet Fortiweb An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] in FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary headers. | 5.4 |
2022-12-30 | CVE-2022-4864 | Injection vulnerability in Froxlor Argument Injection in GitHub repository froxlor/froxlor prior to 2.0.0-beta1. | 5.4 |
2022-12-22 | CVE-2022-40958 | Injection vulnerability in Mozilla Thunderbird By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. | 6.5 |
2022-12-22 | CVE-2022-46873 | Injection vulnerability in Mozilla Firefox Because Firefox did not implement the `unsafe-hashes` CSP directive, an attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject executable script. | 8.8 |
2022-12-16 | CVE-2022-42544 | Injection vulnerability in Google Android 13.0 In getView of AddAppNetworksFragment.java, there is a possible way to mislead the user about network add requests due to improper input validation. | 7.8 |