Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-16 | CVE-2022-42472 | Injection vulnerability in Fortinet Fortios and Fortiproxy A improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet FortiOS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.11, 6.2.0 through 6.2.12, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.1, 7.0.0 through 7.0.7, 2.0.0 through 2.0.10, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response. | 5.4 |
| 2023-02-16 | CVE-2023-23936 | Injection vulnerability in Nodejs Undici Undici is an HTTP/1.1 client for Node.js. | 5.4 |
| 2023-02-14 | CVE-2023-25141 | Injection vulnerability in Apache Sling JCR Base Apache Sling JCR Base < 3.1.12 has a critical injection vulnerability when running on old JDK versions (JDK 1.8.191 or earlier) through utility functions in RepositoryAccessor. | 7.5 |
| 2023-02-13 | CVE-2023-25719 | Injection vulnerability in Connectwise Control 19.3.25270.7185 ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. | 8.8 |
| 2023-01-26 | CVE-2023-0493 | Injection vulnerability in Btcpayserver Btcpay Server Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5. | 8.8 |
| 2023-01-26 | CVE-2022-47052 | Injection vulnerability in Netgear Ac1200 R6220 Firmware 1.1.0.1121.0.1/1.1.0.1141.0.1 The web interface of the 'Nighthawk R6220 AC1200 Smart Wi-Fi Router' is vulnerable to a CRLF Injection attack that can be leveraged to perform Reflected XSS and HTML Injection. | 6.1 |
| 2023-01-26 | CVE-2023-0476 | Injection vulnerability in Tenable Tenable.Sc A LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. | 6.5 |
| 2023-01-21 | CVE-2023-24040 | Injection vulnerability in Opengroup Common Desktop Environment 1.6 dtprintinfo in Common Desktop Environment 1.6 has a bug in the parser of lpstat (an invoked external command) during listing of the names of available printers. | 7.1 |
| 2023-01-20 | CVE-2022-3918 | Injection vulnerability in Apple Swift Foundation A program using FoundationNetworking in swift-corelibs-foundation is potentially vulnerable to CRLF ( ) injection in URLRequest headers. | 8.8 |
| 2023-01-20 | CVE-2023-20057 | Injection vulnerability in Cisco Asyncos A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. | 5.3 |