Total
1095 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-1896 | 1 Ibm | 1 Connections | 2024-09-16 | N/A |
| IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. IBM X-Force ID: 152456. | ||||
| CVE-2022-38191 | 1 Esri | 1 Portal For Arcgis | 2024-09-16 | 6.1 Medium |
| There is an HTML injection issue in Esri Portal for ArcGIS versions 10.9.0 and below which may allow a remote, authenticated attacker to inject HTML into some locations in the home application. | ||||
| CVE-2021-29085 | 1 Synology | 2 Diskstation Manager, Diskstation Manager Unified Controller | 2024-09-16 | 8.6 High |
| Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2017-6015 | 1 Rockwellautomation | 1 Factorytalk Activation | 2024-09-16 | N/A |
| Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk Activation version 4.00.02 remains ambiguous, which may allow an attacker to link to or run a malicious executable. This may allow an authorized, but not privileged local user to execute arbitrary code with elevated privileges on the system. CVSS v3 base score: 8.8, CVSS vector string: (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Rockwell Automation has released a new version of FactoryTalk Activation, Version 4.01, which addresses the identified vulnerability. Rockwell Automation recommends upgrading to the latest version of FactoryTalk Activation, Version 4.01 or later. | ||||
| CVE-2021-43929 | 1 Synology | 1 Diskstation Manager | 2024-09-16 | 6.5 Medium |
| Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in work flow management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2022-22344 | 1 Ibm | 1 Spectrum Copy Data Management | 2024-09-16 | 6.1 Medium |
| IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 220038 | ||||
| CVE-2021-23335 | 1 Is-user-valid Project | 1 Is-user-valid | 2024-09-16 | 7.5 High |
| All versions of package is-user-valid are vulnerable to LDAP Injection which can lead to either authentication bypass or information exposure. | ||||
| CVE-2019-11277 | 1 Cloudfoundry | 2 Cf-deployment, Nfs Volume Release | 2024-09-16 | 8.1 High |
| Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny service or perform a dictionary attack. | ||||
| CVE-2018-1273 | 3 Apache, Oracle, Pivotal Software | 4 Ignite, Financial Services Crime And Compliance Management Studio, Spring Data Commons and 1 more | 2024-09-16 | 9.8 Critical |
| Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack. | ||||
| CVE-2016-10498 | 1 Qualcomm | 60 Mdm9206, Mdm9206 Firmware, Mdm9607 and 57 more | 2024-09-16 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, MDM9645, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, stopping of the DTR prematurely causes micro kernel to be stuck. This can be triggered with a timing change injectable in RACH procedure. | ||||
| CVE-2017-5799 | 1 Hp | 1 Opencall Media Platform | 2024-09-16 | N/A |
| A Remote Code Execution vulnerability in HPE OpenCall Media Platform (OCMP) was found. The vulnerability impacts OCMP versions prior to 3.4.2 RP201 (for OCMP 3.x), all versions prior to 4.4.7 RP702 (for OCMP 4.x). | ||||
| CVE-2017-1000454 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-09-16 | N/A |
| CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1 | ||||
| CVE-2018-1000854 | 1 Esigate | 1 Esigate | 2024-09-16 | N/A |
| esigate.org esigate version 5.2 and earlier contains a CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in ESI directive with user specified XSLT that can result in Remote Code Execution. This attack appear to be exploitable via Use of another weakness in backend application to reflect ESI directives. This vulnerability appears to have been fixed in 5.3. | ||||
| CVE-2024-42489 | 2 Xwiki, Xwikisas | 2 Pro Macros, Xwiki-pro-macros | 2024-09-16 | 10 Critical |
| Pro Macros provides XWiki rendering macros. Missing escaping in the Viewpdf macro allows any user with view right on the `CKEditor.HTMLConverter` page or edit or comment right on any page to perform remote code execution. Other macros like Viewppt are vulnerable to the same kind of attack. This vulnerability is fixed in 1.10.1. | ||||
| CVE-2019-1680 | 1 Cisco | 2 Webex Business Suite, Webex Meetings Online | 2024-09-16 | 4.3 Medium |
| A vulnerability in Cisco Webex Business Suite could allow an unauthenticated, remote attacker to inject arbitrary text into a user's browser. The vulnerability is due to improper validation of input. An attacker could exploit this vulnerability by convincing a targeted user to view a malicious URL. A successful exploit could allow the attacker to inject arbitrary text into the user's browser. The attacker could use the content injection to conduct spoofing attacks. Versions prior than 3.0.9 are affected. | ||||
| CVE-2021-21510 | 1 Dell | 1 Idrac8 Firmware | 2024-09-16 | 6.1 Medium |
| Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web-cache or trigger redirections. | ||||
| CVE-2019-8948 | 1 Papercut | 2 Papercut Mf, Papercut Ng | 2024-09-16 | N/A |
| PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user interface, aka PC-15163. | ||||
| CVE-2017-16680 | 1 Sap | 1 Hana Extended Application Services | 2024-09-16 | N/A |
| Two potential audit log injections in SAP HANA extended application services 1.0, advanced model: 1) Certain HTTP/REST endpoints of controller service are missing user input validation which could allow unprivileged attackers to forge audit log lines. Hence the interpretation of audit log files could be hindered or misdirected. 2) User Account and Authentication writes audit logs into syslog and additionally writes the same audit entries into a log file. Entries in the log file miss escaping. Hence the interpretation of audit log files could be hindered or misdirected, while the entries in syslog are correct. | ||||
| CVE-2020-5323 | 1 Dell | 2 Emc Openmanage Enterprise, Emc Openmanage Enterprise-modular | 2024-09-16 | 5.4 Medium |
| Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain an injection vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability to gain access to sensitive information or cause denial-of-service. | ||||
| CVE-2022-34773 | 1 Tabit | 1 Tabit | 2024-09-16 | 4.9 Medium |
| Tabit - HTTP Method manipulation. https://bridge.tabit.cloud/configuration/addresses-query - can be POST-ed to add addresses to the DB. This is an example of OWASP:API8 – Injection. | ||||