Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-12 | CVE-2020-11703 | Injection vulnerability in Provideserver Provide FTP Server 13.1 An issue was discovered in ProVide (formerly zFTPServer) through 13.1. | 7.5 |
| 2020-04-10 | CVE-2020-11002 | Injection vulnerability in Dropwizard Validation dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote code execution vulnerability. | 8.8 |
| 2020-04-08 | CVE-2018-21051 | Injection vulnerability in Google Android An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. | 9.8 |
| 2020-04-07 | CVE-2017-18652 | Injection vulnerability in Google Android An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. | 9.8 |
| 2020-04-06 | CVE-2020-11593 | Injection vulnerability in Cipplanner Cipace 6.80 An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. | 7.5 |
| 2020-04-03 | CVE-2020-10960 | Injection vulnerability in Mediawiki In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. | 5.3 |
| 2020-04-01 | CVE-2020-1958 | Injection vulnerability in Apache Druid 0.17.0 When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid. | 6.5 |
| 2020-04-01 | CVE-2020-3884 | Injection vulnerability in Apple mac OS X An injection issue was addressed with improved validation. | 6.1 |
| 2020-03-31 | CVE-2020-11441 | Injection vulnerability in PHPmyadmin 5.0.2 phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. | 6.1 |
| 2020-03-24 | CVE-2020-6982 | Injection vulnerability in Honeywell Win-Pak 4.7.2 In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injection vulnerability has been identified, which may allow remote code execution. | 8.8 |