Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-14 | CVE-2021-44231 | Code Injection vulnerability in SAP Abap Platform and Netweaver Application Server Abap Internally used text extraction reports allow an attacker to inject code that can be executed by the application. | 9.8 |
| 2021-12-08 | CVE-2021-44529 | Code Injection vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.5/4.6 A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody). | 9.8 |
| 2021-12-08 | CVE-2021-37097 | Code Injection vulnerability in Huawei Emui, Harmonyos and Magic UI There is a Code Injection vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to system restart. | 7.5 |
| 2021-12-07 | CVE-2021-37079 | Code Injection vulnerability in Huawei Harmonyos There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to delete arbitrary file by system_app permission. | 9.1 |
| 2021-11-30 | CVE-2021-38967 | Code Injection vulnerability in IBM MQ Appliance 9.2.0.0 IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. | 6.7 |
| 2021-11-30 | CVE-2021-3725 | Code Injection vulnerability in Planetargon OH MY ZSH Vulnerability in dirhistory plugin Description: the widgets that go back and forward in the directory history, triggered by pressing Alt-Left and Alt-Right, use functions that unsafely execute eval on directory names. | 8.8 |
| 2021-11-22 | CVE-2021-33493 | Code Injection vulnerability in Open-Xchange OX APP Suite 7.10.5 The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format. | 6.0 |
| 2021-11-19 | CVE-2021-22053 | Code Injection vulnerability in VMWare Spring Cloud Netflix Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. | 8.8 |
| 2021-11-13 | CVE-2021-41653 | Code Injection vulnerability in Tp-Link Tl-Wr840N Firmware The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field. | 9.8 |
| 2021-11-10 | CVE-2021-33816 | Code Injection vulnerability in Dolibarr Erp/Crm 13.0.2 The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked. | 9.8 |