Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-02 | CVE-2017-18437 | Injection vulnerability in Cpanel cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240). | 4.4 |
| 2019-08-02 | CVE-2017-18389 | Injection vulnerability in Cpanel cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318). | 6.3 |
| 2019-08-02 | CVE-2017-18387 | Injection vulnerability in Cpanel cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314). | 7.2 |
| 2019-08-02 | CVE-2017-18386 | Injection vulnerability in Cpanel cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313). | 7.2 |
| 2019-08-01 | CVE-2016-10847 | Injection vulnerability in Cpanel cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath (SEC-80). | 8.1 |
| 2019-08-01 | CVE-2016-10845 | Injection vulnerability in Cpanel cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable (SEC-78). | 8.1 |
| 2019-08-01 | CVE-2018-20914 | Injection vulnerability in Cpanel In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368). | 7.3 |
| 2019-08-01 | CVE-2018-20898 | Injection vulnerability in Cpanel cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396). | 4.3 |
| 2019-08-01 | CVE-2018-20885 | Injection vulnerability in Cpanel cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation (SEC-416). | 5.3 |
| 2019-07-29 | CVE-2019-1020006 | Injection vulnerability in Inveniosoftware Invenio-App invenio-app before 1.1.1 allows host header injection. | 6.1 |