Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor(s) | CWE | Severity | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2019-07-26 | CVE-2019-14282 | Code Injection vulnerability in Simple Captcha2 Project Simple Captcha2 0.2.3 | The simple_captcha2 gem 0.2.3 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. | network | low | simple-captcha2-project | CWE-94 | critical | 9.8 |
| 2019-07-26 | CVE-2019-14281 | Code Injection vulnerability in Datagrid Project Datagrid 1.0.6 | The datagrid gem 1.0.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. | network | low | datagrid-project | CWE-94 | critical | 9.8 |
| 2019-07-19 | CVE-2019-11552 | Code Injection vulnerability in Code42 products | Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. | local | high | code42 | CWE-94 | | 7.0 |
| 2019-07-18 | CVE-2019-13956 | Code Injection vulnerability in Codersclub Discuz!Ml 3.2/3.3/3.4 | Discuz!ML 3.2 through 3.4 allows remote attackers to execute arbitrary PHP code via a modified language cookie, as demonstrated by changing 4gH4_0df5_language=en to 4gH4_0df5_language=en'.phpinfo().'; (if the random prefix 4gH4_0df5_ were used). | network | low | codersclub | CWE-94 | critical | 9.8 |
| 2019-07-17 | CVE-2019-9848 | Code Injection vulnerability in multiple products | LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. | network | low | libreoffice, canonical, fedoraproject, debian, opensuse | CWE-94 | critical | 9.8 |
| 2019-07-15 | CVE-2019-6823 | Code Injection vulnerability in Schneider-Electric Proclima 6.0.1/6.1 | A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. | network | low | schneider-electric | CWE-94 | critical | 9.8 |
| 2019-07-10 | CVE-2019-0330 | Code Injection vulnerability in SAP Diagnostics Agent 7.20 | The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand Console of SAP Diagnostic Agent (LM-Service), version 7.2, allow an attacker to inject code that can be executed by the application. | network | low | sap | CWE-94 | critical | 9.1 |
| 2019-07-08 | CVE-2019-13354 | Code Injection vulnerability in Strong Password Project Strong Password 0.0.7 | The strong_password gem 0.0.7 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. | network | low | strong-password-project | CWE-94 | critical | 9.8 |
| 2019-07-06 | CVE-2019-13372 | Code Injection vulnerability in Dlink Central Wifimanager | /web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication. | network | low | dlink | CWE-94 | critical | 9.8 |
| 2019-07-03 | CVE-2019-12844 | Code Injection vulnerability in Jetbrains Teamcity | A possible stored JavaScript injection was detected on one of the JetBrains TeamCity pages. | network | low | jetbrains | CWE-94 | | 6.1 |