Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-06-17 | CVE-2019-8322 | Injection vulnerability in multiple products An issue was discovered in RubyGems 2.6 and later through 3.0.2. | 5.0 |
2019-06-17 | CVE-2019-8325 | Injection vulnerability in multiple products An issue was discovered in RubyGems 2.6 and later through 3.0.2. | 5.0 |
2019-06-10 | CVE-2019-12387 | Injection vulnerability in multiple products In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF. | 6.1 |
2019-06-06 | CVE-2019-12303 | Injection vulnerability in Suse Rancher In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container. | 6.5 |
2019-06-05 | CVE-2019-6800 | Injection vulnerability in Titanhq Spamtitan In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function. | 8.5 |
2019-05-24 | CVE-2016-8900 | Injection vulnerability in Exponentcms Exponent CMS 2.3.9 Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags. | 7.5 |
2019-05-23 | CVE-2016-8899 | Injection vulnerability in Exponentcms Exponent CMS 2.3.9 Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats. | 7.5 |
2019-05-23 | CVE-2016-8901 | Injection vulnerability in B2Evolution 6.7.6 b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/call_plugin.php. | 7.5 |
2019-04-26 | CVE-2019-2725 | Injection vulnerability in Oracle products Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). | 7.5 |
2019-04-25 | CVE-2019-9900 | Injection vulnerability in multiple products When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). | 8.3 |