Vulnerabilities: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-23 | CVE-2020-25596 | Injection vulnerability in multiple products. An issue was discovered in Xen through 4.14.x. | 5.5 |
2020-09-17 | CVE-2020-15186 | Injection vulnerability in Helm. In Helm before versions 2.16.11 and 3.3.2, plugin names are not sanitized properly. | 2.7 |
2020-09-17 | CVE-2020-15184 | Injection vulnerability in Helm. In Helm before versions 2.16.11 and 3.3.2, there is a bug in which the `alias` field on a `Chart.yaml` is not properly sanitized. | 2.7 |
2020-09-10 | CVE-2020-15171 | Injection vulnerability in Xwiki. In XWiki before versions 11.10.5 or 12.2.1, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context, which contains tools that allow instantiating arbitrary Java objects and invoking methods that may lead to arbitrary code execution. | 6.6 |
2020-08-28 | CVE-2020-15164 | Injection vulnerability in Scratch-Wiki Scratch Login 1.1. In Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same username with leading, trailing, or repeated underscore(s), since those are treated as whitespace and trimmed by MediaWiki. | 10.0 |
2020-08-26 | CVE-2020-12855 | Injection vulnerability in Seczetta Neprofile 3.3.11. A Host header injection vulnerability has been discovered in SecZetta NEProfile 3.3.11. | 8.8 |
2020-08-26 | CVE-2020-13863 | Injection vulnerability in Mitel Micollab. The SAS portal of Mitel MiCollab before 9.1.3 could allow an attacker to access user data by performing a header injection in HTTP responses, due to the improper handling of input parameters. | 8.1 |
2020-08-24 | CVE-2020-24364 | Injection vulnerability in Ethz Minetime. MineTime through 1.8.5 allows arbitrary command execution via the notes field in a meeting. | 8.8 |
2020-08-21 | CVE-2020-15147 | Injection vulnerability in Cogboard RED Discord BOT. Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. | 8.5 |
2020-08-21 | CVE-2020-15140 | Injection vulnerability in Cogboard RED Discord BOT. In Red Discord Bot before version 3.3.11, an RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. | 9.6 |