Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2020-06-25 CVE-2018-21268 Injection vulnerability in Traceroute Project Traceroute
The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter.
network
low complexity
traceroute-project CWE-74
critical
9.8
2020-06-24 CVE-2020-15011 Injection vulnerability in multiple products
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.
network
low complexity
gnu canonical debian CWE-74
4.3
2020-06-23 CVE-2019-20409 Injection vulnerability in Atlassian Jira Software Data Center
The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability.
network
low complexity
atlassian CWE-74
critical
9.8
2020-06-21 CVE-2020-14954 Injection vulnerability in multiple products
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3.
5.9
2020-06-19 CVE-2020-13262 Injection vulnerability in GitLab
Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link.
network
low complexity
gitlab CWE-74
6.1
2020-06-19 CVE-2016-11068 Injection vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 3.2.0.
network
low complexity
mattermost CWE-74
5.3
2020-06-19 CVE-2020-9495 Injection vulnerability in Apache Archiva
Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection.
network
low complexity
apache CWE-74
5.3
2020-06-19 CVE-2017-18900 Injection vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3.
network
low complexity
mattermost CWE-74
critical
9.8
2020-06-19 CVE-2018-21258 Injection vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 5.1.
network
low complexity
mattermost CWE-74
7.5
2020-06-04 CVE-2019-16385 Injection vulnerability in Cybelesoft Thinfinity VirtualUI
Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring.
network
low complexity
cybelesoft CWE-74
6.1