Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2017-08-05 CVE-2017-9861 Injection vulnerability in SMA products
An issue was discovered in SMA Solar Technology products.
network
low complexity
sma CWE-74
critical
9.8
2017-07-25 CVE-2017-6748 Injection vulnerability in Cisco products
A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root.
local
low complexity
cisco CWE-74
6.7
2017-07-18 CVE-2017-5246 Injection vulnerability in Biscom Secure File Transfer
Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field.
network
low complexity
biscom CWE-74
4.3
2017-07-17 CVE-2017-1000052 Injection vulnerability in Plug Project Plug
Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions.
local
low complexity
plug-project CWE-74
7.8
2017-06-26 CVE-2017-7459 Injection vulnerability in Ntop Ntopng
ntopng before 3.0 allows HTTP Response Splitting.
network
low complexity
ntop CWE-74
7.5
2017-05-21 CVE-2017-9135 Injection vulnerability in Mimosa Backhaul Radios and Client Radios
An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimosa Backhaul Radios before 2.2.4.
network
low complexity
mimosa CWE-74
8.8
2017-05-21 CVE-2017-9133 Injection vulnerability in Mimosa Backhaul Radios and Client Radios
An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3.
network
low complexity
mimosa CWE-74
8.8
2017-05-06 CVE-2017-6031 Injection vulnerability in Certec EDV Gmbh Atvise Scada 2.5.10
A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0.
network
low complexity
certec-edv-gmbh CWE-74
8.8
2017-05-03 CVE-2017-8458 Injection vulnerability in Brave 0.12.4
Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://[email protected]/ is displayed without a clear UI indication that it is not a resource on the safe.example.com web site.
network
low complexity
brave CWE-74
6.5
2017-04-28 CVE-2017-2140 Injection vulnerability in Gaku Tablacus Explorer 17.3.30
Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of the application due to specially crafted directory.
network
low complexity
gaku CWE-74
8.8