The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.
102 vulnerabilities with CWE-184
CVE-2022-43396 (HIGH, CVSS 8.8): Blacklist Bypass - Command Injection
CVE-2022-23536 (MEDIUM, CVSS 6.5): Cortex <1.14.0 - Local File Inclusion
CVE-2022-32763 (MEDIUM, CVSS 6.1): Lansweeper - XSS
CVE-2022-35962 (HIGH, CVSS 8.0): Zulip Mobile <27.189 - Info Disclosure
CVE-2022-38179 (MEDIUM, CVSS 4.7): JetBrains Ktor <2.1.0 - Code Injection
CVE-2021-31370 (MEDIUM, CVSS 6.5): Juniper Junos - Denial of Service
CVE-2021-25737 (LOW, CVSS 2.7): Kubernetes - Open Redirect
CVE-2021-25631 (HIGH, CVSS 8.8): LibreOffice <7.1.2 & <7.0.5 - Code Injection
CVE-2021-1135 (MEDIUM, CVSS 4.6): Cisco DCNM - Info Disclosure
CVE-2021-1255 (MEDIUM, CVSS 4.6): Cisco DCNM - Info Disclosure
CVE-2021-1133 (MEDIUM, CVSS 4.6): Cisco DCNM - Info Disclosure
CVE-2020-14372 (HIGH, CVSS 7.5): Grub2 <2.06 - Privilege Escalation
CVE-2020-3384 (HIGH, CVSS 8.2): Cisco DCNM - Command Injection
CVE-2020-5253 (LOW, CVSS 3.9): NetHack <3.6.0 - Code Injection
CVE-2019-9212 (CRITICAL, CVSS 9.8): SOFA-Hessian <4.0.2 - RCE
CVE-2018-16863 (HIGH, CVSS 7.3): Ghostscript 9.07 - RCE
CVE-2018-7489 (CRITICAL, CVSS 9.8): Fasterxml Jackson-databind < 2.7.9.3 - Remote Code Execution
CVE-2018-6383 (HIGH, CVSS 8.8): Monstra CMS <3.0.4 - RCE
CVE-2018-5968 (HIGH, CVSS 8.1): FasterXML jackson-databind <2.8.11, 2.9.x<2.9.3 - RCE
CVE-2017-2602 (LOW, CVSS 3.1): Jenkins <2.44, 2.32.2 - Info Disclosure
CVE-2017-7525 (CRITICAL, CVSS 9.8): jackson-databind <2.6.7.1, <2.7.9.1, <2.8.9 - Code Injection
CVE-2017-15095 (CRITICAL, CVSS 9.8): jackson-databind <2.8.10, 2.9.1 - Code Injection
CVE-2017-0909 (CRITICAL, CVSS 9.8): Private_address_check <0.4.1 - SSRF
CVE-2017-7540 (CRITICAL, CVSS 9.8): rubygem-safemode <1.3.2 - Privilege Escalation
CVE-2016-7076 (MEDIUM, CVSS 6.4): Sudo < 1.8.18 - Command Injection