Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-15 | CVE-2021-21248 | Code Injection vulnerability in Onedev Project Onedev. OneDev is an all-in-one devops platform. | 8.8 |
2021-01-15 | CVE-2021-21244 | Code Injection vulnerability in Onedev Project Onedev. OneDev is an all-in-one devops platform. | 9.8 |
2021-01-12 | CVE-2021-21466 | Code Injection vulnerability in SAP Business Warehouse and Bw/4Hana. SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module over the network. | 8.8 |
2021-01-08 | CVE-2020-35131 | Code Injection vulnerability in Agentejo Cockpit. Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI. | 9.8 |
2021-01-06 | CVE-2020-8274 | Code Injection vulnerability in Citrix Secure Mail. Citrix Secure Mail for Android before 20.11.0 suffers from Improper Control of Generation of Code ('Code Injection') by allowing unauthenticated access to read data stored within Secure Mail. | 6.5 |
2020-12-18 | CVE-2020-20298 | Code Injection vulnerability in Zzzcms Zzzphp 1.7.2. Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands. | 9.8 |
2020-11-18 | CVE-2020-28367 | Code Injection vulnerability in Golang GO. Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive. | 7.5 |
2020-11-18 | CVE-2020-28366 | Code Injection vulnerability in multiple products. Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. | 7.5 |
2020-11-17 | CVE-2020-11851 | Code Injection vulnerability in Microfocus Arcsight Logger 6.61/7.0/7.0.1. Arbitrary code execution vulnerability in the Micro Focus ArcSight Logger product, affecting all versions prior to 7.1.1. | 9.8 |
2020-11-13 | CVE-2020-25557 | Code Injection vulnerability in Cmsuno Project Cmsuno 1.6.2. In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password. | 8.8 |