Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2020-03-21 CVE-2013-7487 Injection vulnerability in Swann products
On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr application has a vulnerable call to “system”, which allows remote attackers to execute arbitrary code via TCP port 9000.
network
swann CWE-74
6.8
2020-03-20 CVE-2019-18860 Injection vulnerability in multiple products
Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.
network
low complexity
squid-cache debian canonical opensuse CWE-74
6.1
2020-03-19 CVE-2019-12416 Injection vulnerability in Apache Deltaspike
we got reports for 2 injection attacks against the DeltaSpike windowhandler.js.
network
low complexity
apache CWE-74
6.1
2020-03-18 CVE-2020-8468 Injection vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components.
network
low complexity
trendmicro CWE-74
6.5
2020-03-16 CVE-2019-11073 Injection vulnerability in Paessler Prtg Network Monitor
A Remote Code Execution vulnerability exists in PRTG Network Monitor before 19.4.54.1506 that allows attackers to execute code due to insufficient sanitization when passing arguments to the HttpTransactionSensor.exe binary.
network
low complexity
paessler CWE-74
critical
9.0
2020-03-15 CVE-2020-7607 Injection vulnerability in Gulp-Styledocco Project Gulp-Styledocco 0.0.1/0.0.2/0.0.3
gulp-styledocco through 0.0.3 allows execution of arbitrary commands.
network
low complexity
gulp-styledocco-project CWE-74
7.5
2020-03-15 CVE-2020-7606 Injection vulnerability in Docker-Compose-Remote-Api Project Docker-Compose-Remote-Api
docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands.
network
low complexity
docker-compose-remote-api-project CWE-74
7.5
2020-03-15 CVE-2020-7605 Injection vulnerability in Gulp-Tape Project Gulp-Tape
gulp-tape through 1.0.0 allows execution of arbitrary commands.
network
low complexity
gulp-tape-project CWE-74
7.5
2020-03-15 CVE-2020-7604 Injection vulnerability in Pulverizr Project Pulverizr 0.5.0/0.5.1/0.7.0
pulverizr through 0.7.0 allows execution of arbitrary commands.
network
low complexity
pulverizr-project CWE-74
7.5
2020-03-15 CVE-2020-7603 Injection vulnerability in Closure-Compiler-Stream Project Closure-Compiler-Stream
closure-compiler-stream through 0.1.15 allows execution of arbitrary commands.
network
low complexity
closure-compiler-stream-project CWE-74
7.5