Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-27 | CVE-2023-43651 | Code Injection vulnerability in Fit2Cloud Jumpserver JumpServer is an open source bastion host. | 9.9 |
| 2023-09-25 | CVE-2023-0625 | Code Injection vulnerability in Docker Desktop Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0. | 9.8 |
| 2023-09-25 | CVE-2023-0626 | Code Injection vulnerability in Docker Desktop Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0. | 9.8 |
| 2023-09-22 | CVE-2023-43270 | Code Injection vulnerability in Dst-Admin Project Dst-Admin 1.5.0 dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate. | 9.8 |
| 2023-09-20 | CVE-2023-0462 | Code Injection vulnerability in multiple products An arbitrary code execution flaw was found in Foreman. | 9.1 |
| 2023-09-19 | CVE-2023-41179 | Code Injection vulnerability in Trendmicro products A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability. | 7.2 |
| 2023-09-11 | CVE-2023-42470 | Code Injection vulnerability in Imoulife Life 6.8.0 The Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android allows Remote Code Execution via a crafted intent to an exported component. | 9.8 |
| 2023-09-11 | CVE-2023-42471 | Code Injection vulnerability in Wave-Ai Wave 1.0.35 The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. | 9.8 |
| 2023-09-08 | CVE-2023-39320 | Code Injection vulnerability in Golang GO 1.21.0/1.21.00 The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. | 9.8 |
| 2023-09-06 | CVE-2023-38484 | Code Injection vulnerability in Arubanetworks Arubaos Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. | 6.4 |