Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-23 | CVE-2019-9811 | Injection vulnerability in multiple products As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. | 8.3 |
| 2019-07-23 | CVE-2019-11718 | Injection vulnerability in multiple products Activity Stream can display content from sent from the Snippet Service website. | 5.3 |
| 2019-07-18 | CVE-2019-13915 | Injection vulnerability in B3Log Wide b3log Wide before 1.6.0 allows three types of attacks to access arbitrary files. | 7.5 |
| 2019-07-12 | CVE-2019-1010310 | Injection vulnerability in Glpi-Project Glpi 9.3.1 GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. | 3.5 |
| 2019-07-10 | CVE-2019-0319 | Injection vulnerability in SAP Gateway and UI5 The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. | 7.5 |
| 2019-07-09 | CVE-2019-13146 | Injection vulnerability in Field Test Project Field Test 0.3.0 The field_test gem 0.3.0 for Ruby has unvalidated input. | 5.3 |
| 2019-06-29 | CVE-2016-10761 | Injection vulnerability in Logitech products Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack. | 6.5 |
| 2019-06-26 | CVE-2019-12966 | Injection vulnerability in Fehelper Project Fehelper 20190619 FeHelper through 2019-06-19 allows arbitrary code execution during a JSON format operation, as demonstrated by the {"a":(function(){confirm(1)})()} input. | 9.8 |
| 2019-06-17 | CVE-2019-8323 | Injection vulnerability in multiple products An issue was discovered in RubyGems 2.6 and later through 3.0.2. | 7.5 |
| 2019-06-17 | CVE-2019-8322 | Injection vulnerability in multiple products An issue was discovered in RubyGems 2.6 and later through 3.0.2. | 7.5 |