Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-12-20 | CVE-2018-1000854 | Injection vulnerability in Esigate: esigate.org esigate version 5.2 and earlier contains a CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in ESI directive with user specified XSLT that can result in Remote Code Execution. | 9.8 |
2018-12-17 | CVE-2018-18250 | Injection vulnerability in Icinga Web 2: Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single '$' character as the Name of a Navigation item. | 7.5 |
2018-12-17 | CVE-2018-20167 | Injection vulnerability in Enlightenment Terminology: Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \e}pn is used. | 7.8 |
2018-12-12 | CVE-2018-1474 | Injection vulnerability in IBM BigFix Platform: IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. | 4.7 |
2018-12-07 | CVE-2018-1896 | Injection vulnerability in IBM Connections 5.0/5.5/6.0: IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. | 5.4 |
2018-10-10 | CVE-2018-18207 | Injection vulnerability in Virtualmin 6.03: Virtualmin 6.03 allows Frame Injection via the settings-editor_read.cgi file parameter. | 6.1 |
2018-09-09 | CVE-2018-16763 | Injection vulnerability in Thedaylightstudio Fuel CMS: FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. | 9.8 |
2018-09-07 | CVE-2017-1115 | Injection vulnerability in IBM Campaign 10.0/9.1/9.1.2: IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. | 5.4 |
2018-07-19 | CVE-2018-9062 | Injection vulnerability in Lenovo products: In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code. | 6.8 |
2018-07-10 | CVE-2018-1549 | Injection vulnerability in IBM Rational Quality Manager: IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to HTTP response splitting attacks. | 5.4 |