Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-04-20 | CVE-2021-28829 | Injection vulnerability in Tibco Administrator | The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, and TIBCO Administrator - Enterprise Edition for z/Linux contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a persistent CSV injection attack from the affected system. | 8.0 |
2021-04-15 | CVE-2021-31402 | Injection vulnerability in Flutterchina DIO 4.0.0 | The dio package 4.0.0 for Dart allows CRLF injection if the attacker controls the HTTP method string, a different vulnerability than CVE-2020-35669. | 7.5 |
2021-04-14 | CVE-2021-27182 | Injection vulnerability in Altn Mdaemon | An issue was discovered in MDaemon before 20.0.4. | 8.8 |
2021-04-14 | CVE-2021-22879 | Injection vulnerability in multiple products | Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. | 8.8 |
2021-04-06 | CVE-2020-36308 | Injection vulnerability in multiple products | Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries. | 5.3 |
2021-04-05 | CVE-2021-30057 | Injection vulnerability in ENG Knowage | A stored HTML injection vulnerability exists in Knowage Suite version 7.1. | 4.8 |
2021-03-26 | CVE-2020-7464 | Injection vulnerability in Freebsd | In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12.1-RELEASE before p10, 11.4-RELEASE before p4, and 11.3-RELEASE before p14, a programming error in the ure(4) device driver caused some Realtek USB Ethernet interfaces to incorrectly report packets with more than 2048 bytes in a single USB transfer as having a length of only 2048 bytes. | 5.3 |
2021-03-26 | CVE-2021-3027 | Injection vulnerability in Librit Passhport | app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is affected by LDAP Injection. | 6.5 |
2021-03-25 | CVE-2021-29156 | Injection vulnerability in Forgerock Openam | ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. | 7.5 |
2021-03-24 | CVE-2021-1432 | Injection vulnerability in Cisco IOS XE and IOS XE Sd-Wan | A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. | 7.3 |