Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-27 | CVE-2017-6455 | Code Injection vulnerability in NTP NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable. | 7.0 |
| 2017-03-23 | CVE-2015-0855 | Code Injection vulnerability in Pitivi 0.94 The _mediaLibraryPlayCb function in mainwindow.py in pitivi before 0.95 allows attackers to execute arbitrary code via shell metacharacters in a file path. | 9.8 |
| 2017-03-23 | CVE-2016-1602 | Code Injection vulnerability in Suse products A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root). | 7.8 |
| 2017-03-21 | CVE-2017-6186 | Code Injection vulnerability in Bitdefender Antivirus Plus, Internet Security and Total Security Code injection vulnerability in Bitdefender Total Security 12.0 (and earlier), Internet Security 12.0 (and earlier), and Antivirus Plus 12.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Bitdefender process via a "DoubleAgent" attack. | 6.7 |
| 2017-03-14 | CVE-2016-8020 | Code Injection vulnerability in Mcafee Virusscan Enterprise Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter. | 8.0 |
| 2017-02-15 | CVE-2017-2968 | Code Injection vulnerability in Adobe Campaign 16.4 Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability. | 9.1 |
| 2017-02-13 | CVE-2016-8354 | Code Injection vulnerability in Schneider-Electric Unity PRO 11.0/6.0/7.0 An issue was discovered in Schneider Electric Unity PRO prior to V11.1. | 7.0 |
| 2017-02-13 | CVE-2015-8771 | Code Injection vulnerability in Gosa Project Gosa Plugin The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to execute arbitrary commands via a crafted password. | 9.8 |
| 2017-02-09 | CVE-2016-5727 | Code Injection vulnerability in Simplemachines Simple Machines Forum 2.1 LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop. | 8.8 |
| 2017-02-09 | CVE-2016-5726 | Code Injection vulnerability in Simplemachines Simple Machines Forum 2.1 Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter. | 9.8 |