Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2020-04-06 CVE-2020-7631 Injection vulnerability in Diskusage-Ng Project Diskusage-Ng 0.2.2/0.2.3/0.2.4
diskusage-ng through 0.2.4 is vulnerable to Command Injection. It allows execution of arbitrary commands via the path argument.
network
low complexity
diskusage-ng-project CWE-74
7.5
2020-04-01 CVE-2020-1958 Injection vulnerability in Apache Druid 0.17.0
When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid.
network
low complexity
apache CWE-74
6.5
2020-04-01 CVE-2020-10948 Injection vulnerability in Alienform2 Project Alienform2 2.0.2
Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) 2.0.2 is vulnerable to Remote Command Execution via eval injection, a different issue than CVE-2002-0934.
network
low complexity
alienform2-project CWE-74
critical
10.0
2020-04-01 CVE-2020-3884 Injection vulnerability in Apple Mac OS X
An injection issue was addressed with improved validation.
network
apple CWE-74
4.3
2020-04-01 CVE-2020-7947 Injection vulnerability in Auth0 Login by Auth0
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress.
network
low complexity
auth0 CWE-74
7.5
2020-03-31 CVE-2020-11441 Injection vulnerability in phpMyAdmin 5.0.2
phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page.
network
low complexity
phpmyadmin CWE-74
6.1
2020-03-25 CVE-2020-5558 Injection vulnerability in Cutephp Cutenews 2.0.1
CuteNews 2.0.1 allows remote authenticated attackers to execute arbitrary PHP code via unspecified vectors.
network
low complexity
cutephp CWE-74
critical
9.0
2020-03-24 CVE-2020-6982 Injection vulnerability in Honeywell Win-Pak 4.7.2
In Honeywell WIN-PAK 4.7.2, Web and prior versions, a header injection vulnerability has been identified, which may allow remote code execution.
low complexity
honeywell CWE-74
5.8
2020-03-23 CVE-2020-10879 Injection vulnerability in Rconfig
rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped.
network
low complexity
rconfig CWE-74
7.5
2020-03-23 CVE-2020-7475 Injection vulnerability in Schneider-Electric products
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller.
network
low complexity
schneider-electric CWE-74
7.5