Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-25 | CVE-2018-21268 | Injection vulnerability in Traceroute Project Traceroute The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. | 9.8 |
| 2020-06-24 | CVE-2020-15011 | Injection vulnerability in multiple products GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page. | 4.3 |
| 2020-06-23 | CVE-2019-20409 | Injection vulnerability in Atlassian Jira Software Data Center The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability. | 9.8 |
| 2020-06-21 | CVE-2020-14954 | Injection vulnerability in multiple products Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. | 5.9 |
| 2020-06-19 | CVE-2020-13262 | Injection vulnerability in Gitlab Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link | 6.1 |
| 2020-06-19 | CVE-2016-11068 | Injection vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.2.0. | 5.3 |
| 2020-06-19 | CVE-2020-9495 | Injection vulnerability in Apache Archiva Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. | 5.3 |
| 2020-06-19 | CVE-2017-18900 | Injection vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. | 9.8 |
| 2020-06-19 | CVE-2018-21258 | Injection vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.1. | 7.5 |
| 2020-06-04 | CVE-2019-16385 | Injection vulnerability in Cybelesoft Thinfinity Virtualui Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. | 6.1 |