Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE	CVE	VULNERABILITY TITLE	RISK
2020-10-21	CVE-2020-3561	Injection vulnerability in Cisco Firepower Threat Defense A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to inject arbitrary HTTP headers in the responses of the affected system. network low complexity cisco CWE-74	4.7
2020-10-16	CVE-2020-15252	Injection vulnerability in Xwiki In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. network low complexity xwiki CWE-74	8.8
2020-10-07	CVE-2020-25768	Injection vulnerability in Contao Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. network low complexity contao CWE-74	5.3
2020-09-30	CVE-2020-26137	Injection vulnerability in multiple products urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). network low complexity python canonical debian oracle CWE-74	6.5
2020-09-30	CVE-2020-21523	Injection vulnerability in Halo 1.1.3 A Server-Side Freemarker template injection vulnerability in halo CMS v1.1.3 In the Edit Theme File function. network low complexity halo CWE-74 critical	9.8
2020-09-27	CVE-2020-26116	Injection vulnerability in multiple products http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. network low complexity python fedoraproject canonical netapp debian oracle opensuse CWE-74	7.2
2020-09-23	CVE-2020-25596	Injection vulnerability in multiple products An issue was discovered in Xen through 4.14.x. local low complexity xen fedoraproject debian opensuse CWE-74	5.5
2020-09-17	CVE-2020-15186	Injection vulnerability in Helm In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitized properly. network low complexity helm CWE-74	2.7
2020-09-17	CVE-2020-15184	Injection vulnerability in Helm In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the `alias` field on a `Chart.yaml` is not properly sanitized. network low complexity helm CWE-74	2.7
2020-09-10	CVE-2020-15171	Injection vulnerability in Xwiki In XWiki before versions 11.10.5 or 12.2.1, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. network high complexity xwiki CWE-74	6.6