Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-18 | CVE-2019-10794 | Injection vulnerability in Component-Flatten Project Component-Flatten: All versions of component-flatten are vulnerable to Prototype Pollution. | 6.3 |
2020-02-18 | CVE-2019-10793 | Injection vulnerability in Dot-Object Project Dot-Object: dot-object before 2.1.3 is vulnerable to Prototype Pollution. | 6.3 |
2020-02-18 | CVE-2019-10792 | Injection vulnerability in Bodymen Project Bodymen: bodymen before 1.1.1 is vulnerable to Prototype Pollution. | 6.3 |
2020-02-18 | CVE-2014-4967 | Injection vulnerability in Redhat Ansible: Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command. | 9.8 |
2020-02-18 | CVE-2014-4966 | Injection vulnerability in Redhat Ansible: Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data. | 9.8 |
2020-02-17 | CVE-2014-7236 | Injection vulnerability in Twiki: Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome. | 9.1 |
2020-02-17 | CVE-2013-7324 | Injection vulnerability in Webkitgtk: Webkit-GTK 2.x (any version with HTML5 audio/video support based on GStreamer) allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. | 5.3 |
2020-02-13 | CVE-2020-8800 | Injection vulnerability in Salesagility Suitecrm: SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection. | 8.8 |
2020-02-12 | CVE-2013-7381 | Injection vulnerability in Libnotify Project Libnotify: libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify. | 9.8 |
2020-02-12 | CVE-2013-2010 | Injection vulnerability in multiple products: WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability. | 9.8 |