Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2021-07-23 CVE-2021-3169 Injection vulnerability in Jumpserver
An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.
network
low complexity
jumpserver CWE-74
critical
9.8
2021-07-19 CVE-2020-5323 Injection vulnerability in Dell products
Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain an injection vulnerability.
network
low complexity
dell CWE-74
8.1
2021-07-14 CVE-2021-0594 Injection vulnerability in Google Android
In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to improper input validation.
low complexity
google CWE-74
8.0
2021-07-12 CVE-2021-36381 Injection vulnerability in Edifecs Transaction Management 20210712
In Edifecs Transaction Management through 2021-07-12, an unauthenticated user can inject arbitrary text into a user's browser via logon.jsp?logon_error= on the login screen of the Web application.
network
low complexity
edifecs CWE-74
5.3
2021-07-06 CVE-2021-22232 Injection vulnerability in Gitlab
HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE
network
low complexity
gitlab CWE-74
5.4
2021-06-29 CVE-2021-20101 Injection vulnerability in Machform
Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers.
network
low complexity
machform CWE-74
6.1
2021-06-29 CVE-2021-23400 Injection vulnerability in Nodemailer
The package nodemailer before 6.6.1 is vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.
network
low complexity
nodemailer CWE-74
8.8
2021-06-28 CVE-2021-20574 Injection vulnerability in IBM Security Identity Manager Adapter 6.0.0.0/7.0.0.0
IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remote authenticated attacker to conduct an LDAP injection.
network
low complexity
ibm CWE-74
8.8
2021-06-25 CVE-2021-29676 Injection vulnerability in IBM Security Verify
IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to link injection.
network
low complexity
ibm CWE-74
5.4
2021-06-24 CVE-2021-24002 Injection vulnerability in Mozilla Thunderbird
When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server.
network
low complexity
mozilla CWE-74
8.8