Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-03 | CVE-2019-3665 | Code Injection vulnerability in Mcafee Webadvisor Code Injection vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to render a website which Web Advisor would normally have blocked via a carefully crafted web site. | 6.5 |
| 2019-12-02 | CVE-2019-19502 | Code Injection vulnerability in Maleck Image Uploader and Browser for Ckeditor Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor before 4.1.9 allows remote authenticated users to execute arbitrary PHP code. | 9.8 |
| 2019-11-26 | CVE-2019-16255 | Code Injection vulnerability in multiple products Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. | 8.1 |
| 2019-11-25 | CVE-2019-13714 | Code Injection vulnerability in multiple products Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL. | 6.1 |
| 2019-11-22 | CVE-2019-3427 | Code Injection vulnerability in ZTE Zxcdn Iamweb Firmware 6.01.03.01 The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a code injection vulnerability. | 7.2 |
| 2019-11-21 | CVE-2019-18889 | Code Injection vulnerability in multiple products An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. | 9.8 |
| 2019-11-21 | CVE-2019-5509 | Code Injection vulnerability in Netapp Ontap Select Deploy Administration Utility ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account. | 9.8 |
| 2019-11-16 | CVE-2019-19010 | Code Injection vulnerability in multiple products Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands. | 9.8 |
| 2019-11-14 | CVE-2019-15388 | Code Injection vulnerability in Coolpad Mega 5 Firmware The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.1.13). | 8.1 |
| 2019-11-01 | CVE-2013-1666 | Code Injection vulnerability in Foswiki Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro. | 9.8 |