Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-14 | CVE-2020-5246 | Injection vulnerability in Traccar Traccar GPS Tracking System before version 4.9 has a LDAP injection vulnerability. | 6.5 |
| 2020-07-09 | CVE-2020-9376 | Injection vulnerability in Dlink Dir-610 Firmware D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. | 7.5 |
| 2020-07-08 | CVE-2020-11994 | Injection vulnerability in multiple products Server-Side Template Injection and arbitrary file disclosure on Camel templating components | 7.5 |
| 2020-07-07 | CVE-2020-12736 | Injection vulnerability in Code42 Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. | 7.2 |
| 2020-07-01 | CVE-2020-4027 | Injection vulnerability in Atlassian Confluence Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros. | 4.7 |
| 2020-06-26 | CVE-2020-10753 | Injection vulnerability in multiple products A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). | 6.5 |
| 2020-06-25 | CVE-2018-21268 | Injection vulnerability in Traceroute Project Traceroute The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. | 9.8 |
| 2020-06-24 | CVE-2020-15011 | Injection vulnerability in multiple products GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page. | 4.3 |
| 2020-06-23 | CVE-2019-20409 | Injection vulnerability in Atlassian Jira Software Data Center The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability. | 9.8 |
| 2020-06-21 | CVE-2020-14954 | Injection vulnerability in multiple products Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. | 5.9 |