Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-23 | CVE-2020-7475 | Injection vulnerability in Schneider-Electric products. A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller. | 9.8 |
2020-03-21 | CVE-2013-7487 | Injection vulnerability in Swann products. On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr application has a vulnerable call to “system”, which allows remote attackers to execute arbitrary code via TCP port 9000. | 9.8 |
2020-03-20 | CVE-2019-18860 | Injection vulnerability in multiple products. Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi. | 6.1 |
2020-03-19 | CVE-2019-12416 | Injection vulnerability in Apache Deltaspike. We got reports for 2 injection attacks against the DeltaSpike windowhandler.js. | 6.1 |
2020-03-18 | CVE-2020-8468 | Injection vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security. Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. | 8.8 |
2020-03-16 | CVE-2019-11073 | Injection vulnerability in Paessler Prtg Network Monitor. A Remote Code Execution vulnerability exists in PRTG Network Monitor before 19.4.54.1506 that allows attackers to execute code due to insufficient sanitization when passing arguments to the HttpTransactionSensor.exe binary. | 7.2 |
2020-03-12 | CVE-2020-6858 | Injection vulnerability in Hotels Styx. Hotels Styx through 1.0.0.beta8 allows HTTP response splitting due to CRLF Injection. | 6.5 |
2020-03-10 | CVE-2020-5259 | Injection vulnerability in Linuxfoundation Dojox. In affected versions of dojox (NPM package), the jqMix method is vulnerable to Prototype Pollution. | 8.6 |
2020-03-09 | CVE-2019-19614 | Injection vulnerability in Halvotec Raquest 10.23.10801.0. An issue was discovered in Halvotec RAQuest 10.23.10801.0. | 7.5 |
2020-03-04 | CVE-2020-9757 | Injection vulnerability in Craftcms Craft CMS. The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller. | 9.8 |