Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-19 | CVE-2019-7486 | Code Injection vulnerability in Sonicwall SMA 100 Firmware 9.0.0.0/9.0.0.3/9.0.0.4 Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. | 8.8 |
| 2019-12-18 | CVE-2019-15599 | Code Injection vulnerability in Tree-Kill Project Tree-Kill 1.2.1 A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command. | 9.8 |
| 2019-12-18 | CVE-2019-15597 | Code Injection vulnerability in Node-Df Project Node-Df 0.1.4 A code injection exists in node-df v0.1.4 that can allow an attacker to remote code execution by unsanitized input. | 9.8 |
| 2019-12-18 | CVE-2019-4716 | Code Injection vulnerability in IBM Planning Analytics IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. | 9.8 |
| 2019-12-06 | CVE-2019-10769 | Code Injection vulnerability in Safer-Eval Project Safer-Eval safer-eval is a npm package to sandbox the he evaluation of code used within the eval function. | 9.8 |
| 2019-12-03 | CVE-2019-16885 | Code Injection vulnerability in Okay-Cms Okaycms In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. | 9.8 |
| 2019-12-03 | CVE-2019-3665 | Code Injection vulnerability in Mcafee Webadvisor Code Injection vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to render a website which Web Advisor would normally have blocked via a carefully crafted web site. | 6.5 |
| 2019-12-02 | CVE-2019-19502 | Code Injection vulnerability in Maleck Image Uploader and Browser for Ckeditor Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor before 4.1.9 allows remote authenticated users to execute arbitrary PHP code. | 9.8 |
| 2019-11-26 | CVE-2019-16255 | Code Injection vulnerability in multiple products Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. | 8.1 |
| 2019-11-25 | CVE-2019-13714 | Code Injection vulnerability in multiple products Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL. | 6.1 |