Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-26 | CVE-2019-16255 | Code Injection vulnerability in multiple products Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. | 8.1 |
| 2019-11-25 | CVE-2019-13714 | Code Injection vulnerability in multiple products Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL. | 6.1 |
| 2019-11-22 | CVE-2019-3427 | Code Injection vulnerability in ZTE Zxcdn Iamweb Firmware 6.01.03.01 The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a code injection vulnerability. | 7.2 |
| 2019-11-21 | CVE-2019-18889 | Code Injection vulnerability in multiple products An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. | 9.8 |
| 2019-11-21 | CVE-2019-5509 | Code Injection vulnerability in Netapp Ontap Select Deploy Administration Utility ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account. | 9.8 |
| 2019-11-16 | CVE-2019-19010 | Code Injection vulnerability in multiple products Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands. | 9.8 |
| 2019-11-14 | CVE-2019-15388 | Code Injection vulnerability in Coolpad Mega 5 Firmware The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.1.13). | 8.1 |
| 2019-11-01 | CVE-2013-1666 | Code Injection vulnerability in Foswiki Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro. | 9.8 |
| 2019-10-31 | CVE-2018-4031 | Code Injection vulnerability in Getcujo Smart Firewall 7003 An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. | 10.0 |
| 2019-10-15 | CVE-2019-17613 | Code Injection vulnerability in Qibosoft 7.0 qibosoft 7 allows remote code execution because do/jf.php makes eval calls. | 9.8 |