Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-08-02 | CVE-2021-33195 | Injection vulnerability in multiple products | Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format. | 7.3 |
2021-07-30 | CVE-2021-32558 | Injection vulnerability in multiple products | An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. | 7.5 |
2021-07-23 | CVE-2021-3169 | Injection vulnerability in Jumpserver | An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets. | 9.8 |
2021-07-19 | CVE-2020-5323 | Injection vulnerability in Dell products | Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain an injection vulnerability. | 8.1 |
2021-07-14 | CVE-2021-0594 | Injection vulnerability in Google Android | In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to improper input validation. | 8.0 |
2021-07-12 | CVE-2021-36381 | Injection vulnerability in Edifecs Transaction Management 20210712 | In Edifecs Transaction Management through 2021-07-12, an unauthenticated user can inject arbitrary text into a user's browser via logon.jsp?logon_error= on the login screen of the Web application. | 5.3 |
2021-07-06 | CVE-2021-22232 | Injection vulnerability in GitLab | HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE | 5.4 |
2021-06-29 | CVE-2021-20101 | Injection vulnerability in Machform | Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. | 6.1 |
2021-06-29 | CVE-2021-23400 | Injection vulnerability in Nodemailer | The package nodemailer before 6.6.1 is vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object. | 8.8 |
2021-06-28 | CVE-2021-20574 | Injection vulnerability in IBM Security Identity Manager Adapter 6.0.0.0/7.0.0.0 | IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remote authenticated attacker to conduct an LDAP injection. | 8.8 |