CWE-74

Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1.

An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject arbitrary data, which may lead to gaining code execution on vulnerable systems.

Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an XFA ‘n’ POST injection vulnerability. Successful exploitation could lead to a security bypass.

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the “Messages” component. It allows local users to perform impersonation attacks via an unspecified injection.

An injection issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the Bracketed Paste Mode of the “Terminal” component. It allows user-assisted attackers to inject arbitrary commands within pasted content.