Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-11 | CVE-2018-1273 | Injection vulnerability in multiple products Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. | 9.8 |
| 2018-04-03 | CVE-2017-4028 | Injection vulnerability in Mcafee products Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters. | 4.4 |
| 2018-04-03 | CVE-2015-1975 | Injection vulnerability in IBM Tivoli Directory Server The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, and 6.3 before iFix 37 and IBM Security Directory Server 6.3.1 before iFix 11 and 6.4 before iFix 2 allows local users to gain privileges via vectors related to argument injection. | 7.8 |
| 2018-04-03 | CVE-2018-4106 | Injection vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 8.8 |
| 2018-03-15 | CVE-2018-1319 | Injection vulnerability in Apache Allura In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. | 6.1 |
| 2018-03-15 | CVE-2018-6220 | Injection vulnerability in Trendmicro Email Encryption Gateway 5.5 An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject arbitrary data, which may lead to gaining code execution on vulnerable systems. | 9.8 |
| 2018-03-14 | CVE-2018-1000130 | Injection vulnerability in Jolokia Webarchive Agent 1.3.7 A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server. | 8.1 |
| 2018-03-06 | CVE-2015-5377 | Injection vulnerability in Elastic Elasticsearch Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport protocol. | 9.8 |
| 2018-02-20 | CVE-2017-10963 | Injection vulnerability in Samsung products In Knox SDS IAM (Identity Access Management) and EMM (Enterprise Mobility Management) 16.11 on Samsung mobile devices, a man-in-the-middle attacker can install any application into the Knox container (without the user's knowledge) by inspecting network traffic from a Samsung server and injecting content at a certain point in the update sequence. | 5.9 |
| 2018-02-15 | CVE-2017-5799 | Injection vulnerability in HP Opencall Media Platform 3.0.0/4.0.0 A Remote Code Execution vulnerability in HPE OpenCall Media Platform (OCMP) was found. | 8.8 |