Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-12 | CVE-2018-1474 | Injection vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. | 4.7 |
| 2018-12-07 | CVE-2018-1896 | Injection vulnerability in IBM Connections 5.0/5.5/6.0 IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. | 5.4 |
| 2018-10-10 | CVE-2018-18207 | Injection vulnerability in Virtualmin 6.03 Virtualmin 6.03 allows Frame Injection via the settings-editor_read.cgi file parameter. | 6.1 |
| 2018-09-09 | CVE-2018-16763 | Injection vulnerability in Thedaylightstudio Fuel CMS FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. | 9.8 |
| 2018-09-07 | CVE-2017-1115 | Injection vulnerability in IBM Campaign 10.0/9.1/9.1.2 IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. | 5.4 |
| 2018-07-19 | CVE-2018-9062 | Injection vulnerability in Lenovo products In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code. | 6.8 |
| 2018-07-10 | CVE-2018-1549 | Injection vulnerability in IBM Rational Quality Manager IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to HTTP response splitting attacks. | 5.4 |
| 2018-07-09 | CVE-2018-4995 | Injection vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an XFA '\n' POST injection vulnerability. | 9.8 |
| 2018-06-21 | CVE-2018-0313 | Injection vulnerability in Cisco Nx-Os A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to send a malicious packet to the management interface on an affected system and execute a command-injection exploit. | 8.8 |
| 2018-06-11 | CVE-2017-7848 | Injection vulnerability in multiple products RSS fields can inject new lines into the created email structure, modifying the message body. | 5.3 |