Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2019-04-03 CVE-2018-4153 Injection vulnerability in Apple mac OS X
An injection issue was addressed with improved validation.
network
high complexity
apple CWE-74
5.9
2019-03-06 CVE-2019-9614 Injection vulnerability in Ofcms Project Ofcms 1.1.1/1.1.2
An issue was discovered in OFCMS before 1.1.3.
network
low complexity
ofcms-project CWE-74
8.8
2019-02-20 CVE-2019-8948 Injection vulnerability in Papercut MF
PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user interface, aka PC-15163.
network
low complexity
papercut CWE-74
critical
9.8
2019-02-05 CVE-2018-18992 Injection vulnerability in Lcds Laquis Scada 4.1/4.1.0.3391/4.1.0.3870
LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server.
network
low complexity
lcds CWE-74
8.8
2019-02-05 CVE-2017-1202 Injection vulnerability in IBM Bigfix Compliance 1.7/1.8/1.9.91
IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulnerable to HTML injection.
network
low complexity
ibm CWE-74
5.4
2019-02-04 CVE-2019-7351 Injection vulnerability in Zoneminder
Log Injection exists in ZoneMinder through 1.32.3, as an attacker can entice the victim to visit a specially crafted link, which in turn will inject a custom Log message provided by the attacker in the 'log' view page, as demonstrated by the message=User%20'admin'%20Logged%20in value.
network
low complexity
zoneminder CWE-74
6.5
2019-02-01 CVE-2018-16492 Injection vulnerability in Extend Project Extend
A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.
network
low complexity
extend-project CWE-74
critical
9.8
2019-02-01 CVE-2018-16491 Injection vulnerability in Dreamerslab Node.Extend
A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype.
network
low complexity
dreamerslab CWE-74
critical
9.8
2019-02-01 CVE-2018-16490 Injection vulnerability in Mpath Project Mpath
A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype.
network
low complexity
mpath-project CWE-74
7.5
2019-02-01 CVE-2018-16489 Injection vulnerability in Just-Extend Project Just-Extend
A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through its functions.
network
low complexity
just-extend-project CWE-74
critical
9.8