Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2020-07-20 CVE-2020-15111 Injection vulnerability in Gofiber Fiber
In Fiber before version 1.12.6, the filename that is given in c.Attachment() (https://docs.gofiber.io/ctx#attachment) is not escaped and is therefore vulnerable to a CRLF injection attack.
network
low complexity
gofiber CWE-74
5.4
2020-07-17 CVE-2020-14928 Injection vulnerability in multiple products
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3.
network
high complexity
gnome debian fedoraproject canonical CWE-74
5.9
2020-07-15 CVE-2020-14505 Injection vulnerability in Advantech Iview 5.6
Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (“command injection”) vulnerability.
network
low complexity
advantech CWE-74
critical
9.8
2020-07-14 CVE-2020-5246 Injection vulnerability in Traccar
Traccar GPS Tracking System before version 4.9 has an LDAP injection vulnerability.
network
low complexity
traccar CWE-74
6.5
2020-07-09 CVE-2020-9376 Injection vulnerability in Dlink Dir-610 Firmware
D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php.
network
low complexity
dlink CWE-74
7.5
2020-07-08 CVE-2020-11994 Injection vulnerability in multiple products
Server-Side Template Injection and arbitrary file disclosure on Camel templating components
network
low complexity
apache oracle CWE-74
7.5
2020-07-07 CVE-2020-12736 Injection vulnerability in Code42
Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution.
network
low complexity
code42 CWE-74
7.2
2020-07-01 CVE-2020-4027 Injection vulnerability in Atlassian Confluence
Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros.
network
low complexity
atlassian CWE-74
4.7
2020-06-26 CVE-2020-10753 Injection vulnerability in multiple products
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway).
6.5
2020-06-25 CVE-2018-21268 Injection vulnerability in Traceroute Project Traceroute
The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter.
network
low complexity
traceroute-project CWE-74
critical
9.8