Vulnerabilities > Improper Control of Dynamically-Managed Code Resources
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-13 | CVE-2022-40634 | Improper Control of Dynamically-Managed Code Resources vulnerability in Craftercms Crafter CMS Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI. | 7.2 |
| 2022-09-13 | CVE-2022-40635 | Improper Control of Dynamically-Managed Code Resources vulnerability in Craftercms Crafter CMS Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. | 7.2 |
| 2022-09-06 | CVE-2022-36067 | Improper Control of Dynamically-Managed Code Resources vulnerability in VM2 Project VM2 vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. | 10.0 |
| 2022-09-05 | CVE-2022-39051 | Improper Control of Dynamically-Managed Code Resources vulnerability in Otrs Attacker might be able to execute malicious Perl code in the Template toolkit, by having the admin installing an unverified 3th party package | 8.8 |
| 2022-06-14 | CVE-2022-27889 | Improper Control of Dynamically-Managed Code Resources vulnerability in Palantir Foundry Multipass The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. | 9.1 |
| 2022-05-16 | CVE-2021-23267 | Improper Control of Dynamically-Managed Code Resources vulnerability in Craftercms Crafter CMS Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods. | 8.8 |
| 2022-02-24 | CVE-2022-25355 | Improper Control of Dynamically-Managed Code Resources vulnerability in Ec-Cube EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handle HTTP Host header values, which may lead a remote unauthenticated attacker to direct the vulnerable version of EC-CUBE to send an Email with some forged reissue-password URL to EC-CUBE users. | 5.3 |
| 2022-02-16 | CVE-2022-25265 | Improper Control of Dynamically-Managed Code Resources vulnerability in multiple products In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). | 7.8 |
| 2021-12-20 | CVE-2021-42809 | Improper Control of Dynamically-Managed Code Resources vulnerability in Thalesgroup Sentinel Protection Installer 7.7.0 Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code. | 7.8 |
| 2021-12-02 | CVE-2021-23258 | Improper Control of Dynamically-Managed Code Resources vulnerability in Craftercms Crafter CMS Authenticated users with Administrator or Developer roles may execute OS commands by SPEL Expression in Spring beans. | 7.2 |