Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-17 | CVE-2019-8325 | Injection vulnerability in multiple products An issue was discovered in RubyGems 2.6 and later through 3.0.2. | 7.5 |
| 2019-06-12 | CVE-2019-0304 | Injection vulnerability in SAP products FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or specifically manipulated command that can be executed by the application. | 9.8 |
| 2019-06-10 | CVE-2019-12387 | Injection vulnerability in multiple products In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF. | 6.1 |
| 2019-06-06 | CVE-2019-12303 | Injection vulnerability in Suse Rancher In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container. | 8.8 |
| 2019-06-05 | CVE-2019-6800 | Injection vulnerability in Titanhq Spamtitan In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function. | 7.5 |
| 2019-05-24 | CVE-2016-8900 | Injection vulnerability in Exponentcms Exponent CMS 2.3.9 Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags. | 9.8 |
| 2019-05-23 | CVE-2016-8899 | Injection vulnerability in Exponentcms Exponent CMS 2.3.9 Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats. | 9.8 |
| 2019-05-23 | CVE-2016-8901 | Injection vulnerability in B2Evolution 6.7.6 b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/call_plugin.php. | 9.8 |
| 2019-04-26 | CVE-2019-2725 | Injection vulnerability in Oracle products Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). | 9.8 |
| 2019-04-25 | CVE-2019-9900 | Injection vulnerability in multiple products When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). | 8.3 |