Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-13 | CVE-2019-17123 | Injection vulnerability in Egain Mail 11. The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields (to /system/ws/v11/ss/email) are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. | 7.5 |
2019-12-10 | CVE-2019-1490 | Injection vulnerability in Microsoft Skype for Business 2019. A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business Server Spoofing Vulnerability'. | 5.4 |
2019-12-10 | CVE-2013-2095 | Injection vulnerability in Openshift-Origin-Controller Project Openshift-Origin-Controller. rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.parse() to perform command injection. | 9.8 |
2019-12-06 | CVE-2019-16771 | Injection vulnerability in Linecorp Armeria. Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. | 6.5 |
2019-12-03 | CVE-2013-4486 | Injection vulnerability in Redhat Zanata. Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging. | 9.8 |
2019-11-27 | CVE-2011-2717 | Injection vulnerability in multiple products. The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. | 9.8 |
2019-11-27 | CVE-2019-19330 | Injection vulnerability in multiple products. The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks. | 9.8 |
2019-11-26 | CVE-2019-16254 | Injection vulnerability in multiple products. Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. | 5.3 |
2019-11-26 | CVE-2011-3624 | Injection vulnerability in Ruby-Lang Ruby 1.8.7/1.9.2. Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header. | 5.3 |
2019-11-22 | CVE-2019-4216 | Injection vulnerability in IBM Smartcloud Analytics LOG Analysis. IBM SmartCloud Analytics 1.3.1 through 1.3.5 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. | 4.6 |