Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-27 | CVE-2020-3924 | Injection vulnerability in Tonnet products DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET do not properly verify patch files. | 10.0 |
| 2020-02-25 | CVE-2020-9017 | Injection vulnerability in Litecart LiteCart through 2.2.1 allows CSV injection via a customer's profile. | 6.0 |
| 2020-02-24 | CVE-2020-5245 | Injection vulnerability in multiple products Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. | 9.0 |
| 2020-02-20 | CVE-2014-4678 | Injection vulnerability in multiple products The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. | 7.5 |
| 2020-02-19 | CVE-2020-4161 | Injection vulnerability in IBM DB2 11.5 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 could allow an authenticated attacker to cause a denial of service due to incorrect handling of certain commands. | 4.0 |
| 2020-02-18 | CVE-2019-10795 | Injection vulnerability in Undefsafe Project Undefsafe undefsafe before 2.0.3 is vulnerable to Prototype Pollution. | 6.5 |
| 2020-02-18 | CVE-2019-10794 | Injection vulnerability in Component-Flatten Project Component-Flatten All versions of component-flatten are vulnerable to Prototype Pollution. | 6.5 |
| 2020-02-18 | CVE-2019-10793 | Injection vulnerability in Dot-Object Project Dot-Object dot-object before 2.1.3 is vulnerable to Prototype Pollution. | 6.5 |
| 2020-02-18 | CVE-2019-10792 | Injection vulnerability in Bodymen Project Bodymen bodymen before 1.1.1 is vulnerable to Prototype Pollution. | 6.5 |
| 2020-02-18 | CVE-2014-4967 | Injection vulnerability in Redhat Ansible Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command. | 7.5 |