Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-06 | CVE-2020-9530 | Code Injection vulnerability in MI Miui Firmware 11.0.5.0.Qfaeuxm An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. | 6.5 |
| 2020-03-03 | CVE-2019-3695 | Code Injection vulnerability in Opensuse PCP A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows the user pcp to run code as root by placing it into /var/log/pcp/configs.sh This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. | 7.8 |
| 2020-02-26 | CVE-2020-9406 | Code Injection vulnerability in Iblsoft Online Weather IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service. | 9.8 |
| 2020-02-25 | CVE-2019-4000 | Code Injection vulnerability in Druva Insync 6.5.0 Improper neutralization of directives in dynamically evaluated code in Druva inSync Mac OS Client 6.5.0 allows a local, authenticated attacker to execute arbitrary Python expressions with root privileges. | 7.8 |
| 2020-02-17 | CVE-2020-8518 | Code Injection vulnerability in multiple products Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution. | 9.8 |
| 2020-02-14 | CVE-2020-8129 | Code Injection vulnerability in Script-Manager Project Script-Manager An unintended require vulnerability in script-manager npm package version 0.8.6 and earlier may allow attackers to execute arbitrary code. | 9.8 |
| 2020-02-14 | CVE-2013-4211 | Code Injection vulnerability in Openx 2.8.10 A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code | 9.8 |
| 2020-02-11 | CVE-2013-4225 | Code Injection vulnerability in Restful web Services Project Restful web Services The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "create page content" permissions (or equivalents) to conduct cross-site scripting (XSS) or execute arbitrary PHP code via a crafted text field. | 8.8 |
| 2020-02-07 | CVE-2019-17268 | Code Injection vulnerability in Omniauth-Weibo-Oauth2 Project Omniauth-Weibo-Oauth2 0.4.6 The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. | 9.8 |
| 2020-02-05 | CVE-2020-8644 | Code Injection vulnerability in Playsms PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. | 9.8 |