Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-01 | CVE-2016-10845 | Injection vulnerability in Cpanel cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable (SEC-78). | 8.1 |
| 2019-08-01 | CVE-2018-20914 | Injection vulnerability in Cpanel In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368). | 7.3 |
| 2019-08-01 | CVE-2018-20898 | Injection vulnerability in Cpanel cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396). | 4.3 |
| 2019-08-01 | CVE-2018-20885 | Injection vulnerability in Cpanel cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation (SEC-416). | 5.3 |
| 2019-07-29 | CVE-2019-1020006 | Injection vulnerability in Inveniosoftware Invenio-App invenio-app before 1.1.1 allows host header injection. | 6.1 |
| 2019-07-23 | CVE-2019-9811 | Injection vulnerability in multiple products As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. | 8.3 |
| 2019-07-23 | CVE-2019-11718 | Injection vulnerability in multiple products Activity Stream can display content from sent from the Snippet Service website. | 5.3 |
| 2019-07-18 | CVE-2019-13915 | Injection vulnerability in B3Log Wide b3log Wide before 1.6.0 allows three types of attacks to access arbitrary files. | 7.5 |
| 2019-07-12 | CVE-2019-1010310 | Injection vulnerability in Glpi-Project Glpi 9.3.1 GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. | 3.5 |
| 2019-07-10 | CVE-2019-0319 | Injection vulnerability in SAP Gateway and UI5 The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. | 7.5 |