Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-01 | CVE-2019-1577 | Code Injection vulnerability in Paloaltonetworks Traps 5.0/5.0.5 Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML. | 6.3 |
| 2019-06-28 | CVE-2018-17170 | Code Injection vulnerability in Teamwire 1.5.1 Grouptime Teamwire Desktop Client 1.5.1 prior to 1.9.0 on Windows allows code injection via a template, leading to remote code execution. | 8.1 |
| 2019-06-18 | CVE-2018-18836 | Code Injection vulnerability in My-Netdata Netdata 1.10.0 An issue was discovered in Netdata 1.10.0. | 6.5 |
| 2019-06-18 | CVE-2018-18879 | Code Injection vulnerability in Columbiaweather Weather Microserver Firmware Ms2.6.9900 In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php. | 8.8 |
| 2019-06-17 | CVE-2019-8324 | Code Injection vulnerability in multiple products An issue was discovered in RubyGems 2.6 and later through 3.0.2. | 8.8 |
| 2019-06-06 | CVE-2019-12761 | Code Injection vulnerability in Python Pyxdg 0.25 A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. | 7.5 |
| 2019-06-03 | CVE-2017-14853 | Code Injection vulnerability in Orpak Siteomat 6.4.414.084 The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. | 9.8 |
| 2019-05-31 | CVE-2019-9891 | Code Injection vulnerability in Tldp Advanced Bash-Scripting Guide The function getopt_simple as described in Advanced Bash Scripting Guide (ISBN 978-1435752184) allows privilege escalation and execution of commands when used in a shell script called, for example, via sudo. | 9.8 |
| 2019-05-22 | CVE-2019-6816 | Code Injection vulnerability in Schneider-Electric Modicon Quantum Firmware In Modicon Quantum all firmware versions, a CWE-94: Code Injection vulnerability could cause an unauthorized firmware modification with possible Denial of Service when using Modbus protocol. | 9.1 |
| 2019-05-17 | CVE-2019-0091 | Code Injection vulnerability in Intel products Code injection vulnerability in installer for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access. | 7.8 |