Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-30 | CVE-2020-14193 | Injection vulnerability in Atlassian Automation for Jira Affected versions of Automation for Jira - Server allowed remote attackers to read and render files as mustache templates in files inside the WEB-INF/classes & <jira-installation>/jira/bin directories via a template injection vulnerability in Jira smart values using mustache partials. | 5.4 |
| 2020-11-25 | CVE-2020-26238 | Injection vulnerability in Cron-Utils Project Cron-Utils Cron-utils is a Java library to parse, validate, migrate crons as well as get human readable descriptions for them. | 8.1 |
| 2020-11-24 | CVE-2020-13942 | Injection vulnerability in Apache Unomi 1.5.0/1.5.1 It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. | 9.8 |
| 2020-11-19 | CVE-2020-28949 | Injection vulnerability in multiple products Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed. | 7.8 |
| 2020-11-18 | CVE-2020-26081 | Injection vulnerability in Cisco IOT Field Network Director Multiple vulnerabilities in the web UI of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users on an affected system. | 6.1 |
| 2020-11-18 | CVE-2020-26884 | Injection vulnerability in RSA Archer RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL injection vulnerability. | 6.1 |
| 2020-11-16 | CVE-2020-27627 | Injection vulnerability in Jetbrains Teamcity JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection. | 6.1 |
| 2020-11-13 | CVE-2020-26222 | Injection vulnerability in Dependabot Project Dependabot Dependabot is a set of packages for automated dependency management for Ruby, JavaScript, Python, PHP, Elixir, Rust, Java, .NET, Elm and Go. | 8.8 |
| 2020-11-02 | CVE-2020-28031 | Injection vulnerability in Eramba 2.8.1 eramba through c2.8.1 allows HTTP Host header injection with (for example) resultant wkhtml2pdf PDF printing by authenticated users. | 4.3 |
| 2020-10-21 | CVE-2020-3561 | Injection vulnerability in Cisco Firepower Threat Defense A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to inject arbitrary HTTP headers in the responses of the affected system. | 4.7 |