Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-24 | CVE-2020-15011 | Injection vulnerability in multiple products GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page. | 4.3 |
| 2020-06-23 | CVE-2019-20409 | Injection vulnerability in Atlassian Jira Software Data Center The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability. | 9.8 |
| 2020-06-21 | CVE-2020-14954 | Injection vulnerability in multiple products Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. | 5.9 |
| 2020-06-19 | CVE-2020-13262 | Injection vulnerability in Gitlab Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link | 6.1 |
| 2020-06-19 | CVE-2016-11068 | Injection vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.2.0. | 5.3 |
| 2020-06-19 | CVE-2020-9495 | Injection vulnerability in Apache Archiva Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. | 5.3 |
| 2020-06-19 | CVE-2017-18900 | Injection vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. | 9.8 |
| 2020-06-19 | CVE-2018-21258 | Injection vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.1. | 7.5 |
| 2020-06-04 | CVE-2019-16385 | Injection vulnerability in Cybelesoft Thinfinity Virtualui Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. | 6.1 |
| 2020-05-14 | CVE-2020-5574 | Injection vulnerability in Sixapart Movable Type HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary HTML attribute value via unspecified vectors. | 5.3 |