Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-18 | CVE-2016-10498 | Injection vulnerability in Qualcomm products In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, MDM9645, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, stopping of the DTR prematurely causes micro kernel to be stuck. | 9.8 |
| 2018-04-17 | CVE-2014-2294 | Injection vulnerability in Openwebanalytics Open web Analytics Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owa_event parameter to queue.php. | 9.8 |
| 2018-04-13 | CVE-2017-0372 | Injection vulnerability in multiple products Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities. | 9.8 |
| 2018-04-11 | CVE-2018-1273 | Injection vulnerability in multiple products Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. | 9.8 |
| 2018-04-03 | CVE-2017-4028 | Injection vulnerability in Mcafee products Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters. | 4.4 |
| 2018-04-03 | CVE-2015-1975 | Injection vulnerability in IBM Tivoli Directory Server The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, and 6.3 before iFix 37 and IBM Security Directory Server 6.3.1 before iFix 11 and 6.4 before iFix 2 allows local users to gain privileges via vectors related to argument injection. | 7.8 |
| 2018-04-03 | CVE-2018-4106 | Injection vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 8.8 |
| 2018-03-15 | CVE-2018-1319 | Injection vulnerability in Apache Allura In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. | 6.1 |
| 2018-03-15 | CVE-2018-6220 | Injection vulnerability in Trendmicro Email Encryption Gateway 5.5 An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject arbitrary data, which may lead to gaining code execution on vulnerable systems. | 9.8 |
| 2018-03-14 | CVE-2018-1000130 | Injection vulnerability in Jolokia Webarchive Agent 1.3.7 A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server. | 8.1 |