Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-07-19 | CVE-2023-22506 | Code Injection vulnerability in Atlassian Bamboo Data Center and Bamboo Server | This High severity Injection and RCE (Remote Code Execution) vulnerability known as CVE-2023-22506 was introduced in version 8.0.0 of Bamboo Data Center. This Injection and RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.5, allows an authenticated attacker to modify the actions taken by a system call and execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction. Atlassian recommends that you upgrade your instance to latest version. | 8.8 |
2023-07-18 | CVE-2023-34330 | Code Injection vulnerability in AMI Megarac Sp-X 12/13 | AMI SPx contains a vulnerability in the BMC where a user may inject code which could be executed via a Dynamic Redfish Extension interface. | 8.8 |
2023-07-13 | CVE-2023-37565 | Code Injection vulnerability in Elecom products | Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. | 8.0 |
2023-07-11 | CVE-2023-24492 | Code Injection vulnerability in Citrix Secure Access Client 23.5.1.3 | A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts. | 8.8 |
2023-07-11 | CVE-2023-37659 | Code Injection vulnerability in Xalpha Project Xalpha | xalpha v0.11.4 is vulnerable to Remote Command Execution (RCE). | 9.8 |
2023-07-10 | CVE-2023-27867 | Code Injection vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5 | IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code via JNDI Injection. | 8.8 |
2023-07-10 | CVE-2023-27868 | Code Injection vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5 | IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instantiation when providing plugin classes. | 8.8 |
2023-07-10 | CVE-2023-27869 | Code Injection vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5 | IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. | 8.8 |
2023-07-07 | CVE-2023-36992 | Code Injection vulnerability in Travianz Project Travianz 8.3.3/8.3.4 | PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to execute PHP code. | 7.2 |
2023-07-06 | CVE-2023-36859 | Code Injection vulnerability in Piigab M-Bus 900S Firmware | PiiGAB M-Bus SoftwarePack 900S does not correctly sanitize user input, which could allow an attacker to inject arbitrary commands. | 9.8 |