Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2020-09-24 CVE-2020-3513 Code Injection vulnerability in Cisco IOS XE 16.12.1/17.2
Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust.
local
low complexity
cisco CWE-94
6.7
2020-09-24 CVE-2020-3416 Code Injection vulnerability in Cisco IOS XE 16.12.1/17.2
Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust.
local
low complexity
cisco CWE-94
6.7
2020-09-17 CVE-2020-11804 Code Injection vulnerability in Titanhq Spamtitan 7.07
An issue was discovered in Titan SpamTitan 7.07.
network
low complexity
titanhq CWE-94
8.8
2020-09-17 CVE-2020-11803 Code Injection vulnerability in Titanhq Spamtitan 7.07
An issue was discovered in Titan SpamTitan 7.07.
network
low complexity
titanhq CWE-94
8.8
2020-09-09 CVE-2020-6318 Code Injection vulnerability in SAP Abap Platform
A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABAP Server, up to release 7.40) and ABAP Platform (> release 7.40). Because of this, an attacker can exploit these products via Code Injection and potentially take complete control of the products, including viewing, changing, or deleting data, by injecting code into the working memory which is subsequently executed by the application.
network
low complexity
sap CWE-94
7.2
2020-09-03 CVE-2020-7381 Code Injection vulnerability in Rapid7 Nexpose
In Rapid7 Nexpose installer versions prior to 6.6.40, the Nexpose installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine.
local
low complexity
rapid7 CWE-94
7.8
2020-09-01 CVE-2020-6144 Code Injection vulnerability in Os4Ed Opensis 7.4
A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4.
network
low complexity
os4ed CWE-94
critical
9.8
2020-09-01 CVE-2020-6143 Code Injection vulnerability in Os4Ed Opensis 7.4
A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4.
network
low complexity
os4ed CWE-94
critical
9.8
2020-08-21 CVE-2020-7710 Code Injection vulnerability in Safe-Eval Project Safe-Eval
This affects all versions of package safe-eval.
network
low complexity
safe-eval-project CWE-94
critical
9.8
2020-08-21 CVE-2020-15070 Code Injection vulnerability in Zulip Server
Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value.
network
low complexity
zulip CWE-94
8.8