Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-25 | CVE-2019-4461 | Injection vulnerability in IBM Cloud Orchestrator IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content. | 5.4 |
| 2019-10-25 | CVE-2019-4396 | Injection vulnerability in IBM Cloud Orchestrator IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. | 5.4 |
| 2019-10-23 | CVE-2019-18348 | Injection vulnerability in Python An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. | 6.1 |
| 2019-10-23 | CVE-2019-11282 | Injection vulnerability in multiple products Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. | 4.3 |
| 2019-10-18 | CVE-2019-17513 | Injection vulnerability in Ratpack Project Ratpack An issue was discovered in Ratpack before 1.7.5. | 7.5 |
| 2019-10-09 | CVE-2019-9535 | Injection vulnerability in Iterm2 A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. | 9.8 |
| 2019-10-09 | CVE-2019-4558 | Injection vulnerability in IBM Spectrum Scale A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files. | 7.8 |
| 2019-10-02 | CVE-2019-15259 | Injection vulnerability in Cisco Unified Contact Center Express A vulnerability in Cisco Unified Contact Center Express (UCCX) Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. | 6.1 |
| 2019-10-01 | CVE-2019-17068 | Injection vulnerability in multiple products PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content. | 7.5 |
| 2019-09-26 | CVE-2019-16532 | Injection vulnerability in Yzmcms 5.3 An HTTP Host header injection vulnerability exists in YzmCMS V5.3. | 6.1 |