Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2021-06-29 CVE-2021-20101 Injection vulnerability in Machform
Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers.
network
machform CWE-74
5.8
2021-06-29 CVE-2021-23400 Injection vulnerability in Nodemailer
The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.
network
nodemailer CWE-74
6.8
2021-06-28 CVE-2021-20574 Injection vulnerability in IBM Security Identity Manager Adapter 6.0.0.0/7.0.0.0
IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remote authenticated attacker to conduct an LDAP injection.
network
low complexity
ibm CWE-74
6.5
2021-06-25 CVE-2021-29676 Injection vulnerability in IBM Security Verify
IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to link injection.
network
ibm CWE-74
5.8
2021-06-24 CVE-2021-29955 Injection vulnerability in Mozilla Firefox
A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks.
network
high complexity
mozilla CWE-74
2.6
2021-06-23 CVE-2021-29084 Injection vulnerability in Synology products
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.
network
low complexity
synology CWE-74
5.0
2021-06-23 CVE-2021-29085 Injection vulnerability in Synology products
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.
network
low complexity
synology CWE-74
5.0
2021-06-22 CVE-2021-0567 Injection vulnerability in Google Android 11.0
In isRestricted of RemoteViews.java, there is a possible way to inject font files due to a permissions bypass.
local
low complexity
google CWE-74
4.6
2021-06-22 CVE-2021-20736 Injection vulnerability in Weseek Growi
NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to obtain and/or alter the information stored in the database via unspecified vectors.
network
low complexity
weseek CWE-74
6.4
2021-06-21 CVE-2018-25016 Injection vulnerability in Greenbone Security Assistant
Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) before 5.0.0 allow Host Header Injection.
network
low complexity
greenbone CWE-74
7.5