Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|2021-06-29||CVE-2021-20101|| Injection vulnerability in Machform |
Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers.
| 5.8 |
|2021-06-29||CVE-2021-23400|| Injection vulnerability in Nodemailer |
The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.
| 6.8 |
|2021-06-28||CVE-2021-20574|| Injection vulnerability in IBM Security Identity Manager Adapter 220.127.116.11/18.104.22.168 |
IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remote authenticated attacker to conduct an LDAP injection.
| 6.5 |
|2021-06-25||CVE-2021-29676|| Injection vulnerability in IBM Security Verify |
IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to link injection.
| 5.8 |
|2021-06-24||CVE-2021-29955|| Injection vulnerability in Mozilla Firefox |
A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks.
| 2.6 |
|2021-06-23||CVE-2021-29084|| Injection vulnerability in Synology products |
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.
| 5.0 |
|2021-06-23||CVE-2021-29085|| Injection vulnerability in Synology products |
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.
| 5.0 |
|2021-06-22||CVE-2021-0567|| Injection vulnerability in Google Android 11.0 |
In isRestricted of RemoteViews.java, there is a possible way to inject font files due to a permissions bypass.
| 4.6 |
|2021-06-22||CVE-2021-20736|| Injection vulnerability in Weseek Growi |
NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to obtain and/or alter the information stored in the database via unspecified vectors.
| 6.4 |
|2021-06-21||CVE-2018-25016|| Injection vulnerability in Greenbone Security Assistant |
Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) before 5.0.0 allow Host Header Injection.
| 7.5 |