Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-23 | CVE-2020-6650 | Code Injection vulnerability in Eaton UPS Companion UPS companion software v1.05 & Prior is affected by ‘Eval Injection’ vulnerability. | 8.8 |
| 2020-03-20 | CVE-2020-8140 | Code Injection vulnerability in Nextcloud Desktop A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment. | 6.7 |
| 2020-03-20 | CVE-2020-8137 | Code Injection vulnerability in Blamer Project Blamer Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker. | 9.8 |
| 2020-03-20 | CVE-2019-16108 | Code Injection vulnerability in PHPbb 3.2.7 phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (CSS) token sequence to a page through BBCode. | 7.5 |
| 2020-03-18 | CVE-2019-18582 | Code Injection vulnerability in Dell products Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server-side template injection vulnerability in the REST API. | 7.2 |
| 2020-03-16 | CVE-2019-19208 | Code Injection vulnerability in Codiad Codiad Web IDE through 2.8.4 allows PHP Code injection. | 9.8 |
| 2020-03-15 | CVE-2020-8141 | Code Injection vulnerability in DOT Project DOT 1.1.2 The dot package v1.1.2 uses Function() to compile templates. | 8.8 |
| 2020-03-12 | CVE-2020-10389 | Code Injection vulnerability in Chadhaajay PHPkb 9.0 admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings. | 7.2 |
| 2020-03-06 | CVE-2020-9530 | Code Injection vulnerability in MI Miui Firmware 11.0.5.0.Qfaeuxm An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. | 6.5 |
| 2020-03-03 | CVE-2019-3695 | Code Injection vulnerability in Opensuse PCP A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows the user pcp to run code as root by placing it into /var/log/pcp/configs.sh This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. | 7.8 |