Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2018-09-09 CVE-2018-16763 Injection vulnerability in Thedaylightstudio Fuel CMS
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter.
network
low complexity
thedaylightstudio CWE-74
critical
9.8
2018-09-07 CVE-2017-1115 Injection vulnerability in IBM Campaign 10.0/9.1/9.1.2
IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection.
network
low complexity
ibm CWE-74
5.4
2018-07-19 CVE-2018-9062 Injection vulnerability in Lenovo products
In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code.
low complexity
lenovo CWE-74
6.8
2018-07-10 CVE-2018-1549 Injection vulnerability in IBM Rational Quality Manager
IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to HTTP response splitting attacks.
network
low complexity
ibm CWE-74
5.4
2018-07-09 CVE-2018-4995 Injection vulnerability in Adobe Acrobat DC
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an XFA '\n' POST injection vulnerability.
network
low complexity
adobe CWE-74
critical
9.8
2018-06-21 CVE-2018-0313 Injection vulnerability in Cisco Nx-Os
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to send a malicious packet to the management interface on an affected system and execute a command-injection exploit.
network
low complexity
cisco CWE-74
8.8
2018-06-11 CVE-2017-7848 Injection vulnerability in multiple products
RSS fields can inject new lines into the created email structure, modifying the message body.
network
low complexity
mozilla redhat debian CWE-74
5.3
2018-06-11 CVE-2017-7846 Injection vulnerability in multiple products
It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g.
network
low complexity
redhat debian mozilla CWE-74
8.8
2018-06-11 CVE-2017-7788 Injection vulnerability in Mozilla Firefox
When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included "allow-same-origin".
network
low complexity
mozilla CWE-74
critical
9.8
2018-06-08 CVE-2018-4235 Injection vulnerability in Apple products
An issue was discovered in certain Apple products.
local
low complexity
apple CWE-74
5.5