Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-22 | CVE-2019-3427 | Code Injection vulnerability in ZTE Zxcdn Iamweb Firmware 6.01.03.01 The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a code injection vulnerability. | 7.2 |
| 2019-11-21 | CVE-2019-18889 | Code Injection vulnerability in multiple products An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. | 9.8 |
| 2019-11-21 | CVE-2019-5509 | Code Injection vulnerability in Netapp Ontap Select Deploy Administration Utility ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account. | 9.8 |
| 2019-11-16 | CVE-2019-19010 | Code Injection vulnerability in multiple products Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands. | 9.8 |
| 2019-11-14 | CVE-2019-15388 | Code Injection vulnerability in Coolpad Mega 5 Firmware The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.1.13). | 8.1 |
| 2019-11-01 | CVE-2013-1666 | Code Injection vulnerability in Foswiki Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro. | 9.8 |
| 2019-10-31 | CVE-2018-4031 | Code Injection vulnerability in Getcujo Smart Firewall 7003 An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. | 10.0 |
| 2019-10-15 | CVE-2019-17613 | Code Injection vulnerability in Qibosoft 7.0 qibosoft 7 allows remote code execution because do/jf.php makes eval calls. | 9.8 |
| 2019-10-14 | CVE-2019-17408 | Code Injection vulnerability in Zzzcms Zzzphp 1.7.3 parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the danger_key function can be bypassed via manipulations such as strtr. | 9.8 |
| 2019-10-09 | CVE-2019-3652 | Code Injection vulnerability in Mcafee Endpoint Security Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer. | 5.3 |