Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2020-11-18 CVE-2020-28367 Code Injection vulnerability in Golang GO
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.
network
high complexity
golang CWE-94
7.5
7.5
2020-11-18 CVE-2020-28366 Code Injection vulnerability in multiple products
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.
network
high complexity
golang fedoraproject netapp CWE-94
7.5
7.5
2020-11-17 CVE-2020-11851 Code Injection vulnerability in Microfocus Arcsight Logger 6.61/7.0/7.0.1
Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1.
network
low complexity
microfocus CWE-94
critical
 9.8
9.8
2020-11-13 CVE-2020-25557 Code Injection vulnerability in Cmsuno Project Cmsuno 1.6.2
In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password.
network
low complexity
cmsuno-project CWE-94
8.8
8.8
2020-11-13 CVE-2020-25538 Code Injection vulnerability in Cmsuno Project Cmsuno 1.6.2
An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page.
network
low complexity
cmsuno-project CWE-94
8.8
8.8
2020-10-30 CVE-2020-7373 Code Injection vulnerability in Vbulletin
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request.
network
low complexity
vbulletin CWE-94
critical
 9.8
9.8
2020-10-14 CVE-2020-8349 Code Injection vulnerability in Lenovo Cloud Networking Operating System
An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface.
network
low complexity
lenovo CWE-94
critical
 9.8
9.8
2020-10-04 CVE-2017-18924 Code Injection vulnerability in Oauth2-Server Project Oauth2-Server
oauth2-server (aka node-oauth2-server) through 3.1.1 implements OAuth 2.0 without PKCE.
network
low complexity
oauth2-server-project CWE-94
7.5
7.5
2020-10-02 CVE-2020-24628 Code Injection vulnerability in HPE KVM IP Console Switch G2 Firmware
A remote code injection vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3.
network
low complexity
hpe CWE-94
8.8
8.8
2020-10-02 CVE-2020-18185 Code Injection vulnerability in Pluxml 5.7
class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment.
network
low complexity
pluxml CWE-94
critical
 9.8
9.8